Learn how to proactively manage and secure your software from vulnerabilities and supply chain attacks.

Octopus Deploy Blog offers insights, tutorials, and updates on DevOps, continuous delivery, and infrastructure automation. Covering topics such as deployment pipelines, release management, and configuration management, Octopus Deploy Blog provides resources for DevOps engineers and software teams. Developers can learn about automating deployments, managing infrastructure as code, and implementing CI/CD practices through Octopus Deploy's blog posts and case studies.

OctopusDeploy

Supply chain attacks on npm packages like axios highlight the need for proactive dependency security. This guide walks through setting up daily SBOM security scans using Octopus Deploy, leveraging a dedicated Security environment and lifecycle alongside a daily trigger that rescans production dependencies. The pattern ensures vulnerabilities discovered after deployment are caught quickly, complementing CI-time SAST/DAST scanning with continuous production monitoring.

Proactive Dependency Security Best Practices