Veracode has extended the reach of a Package Firewall that applies policies that limit what types of code can be downloaded.

DevOps publication provides insights into DevOps practices, tools, and culture, offering articles and tutorials for automating software delivery pipelines and fostering collaboration between development and operations teams. By exploring DevOps's curated content, developers can learn about infrastructure as code (IaC), containerization, and cloud-native technologies for building scalable and resilient applications. DevOps publication offers  guidance and best practices to accelerate your software delivery process and improve team collaboration.

DevOps.com

Veracode's Package Firewall now supports Microsoft Azure Artifacts, enabling DevSecOps teams to enforce policies that prevent downloading malicious code from repositories. The tool identifies 40-50 compromise indicators and supports custom policies based on risk profiles and vulnerability thresholds. This expansion addresses recent supply chain attacks like Shai-Hulud, which compromised npm packages with worm-like malware. The firewall works with NPM, PyPI, Maven, Nexus, and Artifactory repositories, shifting security enforcement to the download point rather than relying solely on code scanning after compromise.

Veracode Extends Package Firewall Reach to Microsoft Artifacts