Tag

Security

The Registry Is Not the Trust Boundary

A June 1 Red Hat disclosure shows why supply chain defense is no longer just about dependency versions. If a compromised GitHub account can push malicious code into a package namespace, the real control point is the publish path, the build graph, and the evidence trail you can verify afterward.

4 min read