Supply chain attack
Description

A developer publishes a couple of innocent text corrections to the website, and suddenly people complain that the site is slow and that strange messages appear in the JavaScript developer console. On top of that, the logo of the website seems to have changed...

Learning objectives

In this challenge you will learn all about:

  • How third-party dependencies can update inadvertently.
  • How to ensure that the CI/CD pipeline uses the same versions of packages that you were using in development.
  • How to use dependency scanning tools such as Snyk to detect vulnerable packages early in your development cycle.
  • How to use dependency scanning tools such as Snyk to warn you about new vulnerabilities in applications you have already published.
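As an added example (not part of the challenge's own material), the Node script below shows the mechanism behind the first two objectives: it flags dependencies whose package.json specifier lets npm pick a newer version at install time, and dependencies that the lockfile does not pin, so a CI build could resolve something other than what was tested in development. The package.json and package-lock.json contents are constructed for the example.

```javascript
// Added example: detect dependency specifiers that can "float" to a newer
// release, and lockfile entries that are missing, so CI and development can
// end up installing different code. Sample manifests below are constructed.

// Constructed package.json: "^" and "~" ranges and "latest" are not exact.
const packageJson = {
  dependencies: {
    "left-pad": "^1.3.0",    // any 1.x.y >= 1.3.0 may be installed
    "lodash": "~4.17.20",    // any 4.17.x >= 4.17.20 may be installed
    "express": "4.18.2",     // exact version
    "some-widget": "latest"  // whatever is published at install time
  }
};

// Constructed package-lock.json (lockfile v2/v3 "packages" layout, trimmed).
const packageLock = {
  packages: {
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/express": { version: "4.18.2" }
    // "some-widget" is absent: the lockfile is out of sync with package.json
  }
};

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Dependencies whose specifier allows more than one version to satisfy it.
function floatingDependencies(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, spec]) => !EXACT.test(spec))
    .map(([name, spec]) => ({ name, spec }));
}

// Dependencies with no exact version in the lockfile: an install in CI would
// resolve the range again instead of reusing the version tested locally.
function unlockedDependencies(pkg, lock) {
  const locked = lock.packages || {};
  return Object.keys(pkg.dependencies || {}).filter((name) => {
    const entry = locked[`node_modules/${name}`];
    return !(entry && EXACT.test(entry.version));
  });
}

// Stand-alone run: report what a CI gate (e.g. before `npm ci`) would flag.
console.log("floating specifiers:", floatingDependencies(packageJson));
console.log("not pinned in lockfile:", unlockedDependencies(packageJson, packageLock));
```

Committing the lockfile and installing with `npm ci` (which refuses to run when package.json and the lockfile disagree) is what makes the CI build use the same resolved versions as development.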