But wouldn't some sort of SCA/SAST/DAST catch that? Like if I'm importing a site... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

alephnerd 7 months ago | parent | context | favorite | on: Polyfill supply chain attack hits 100K+ sites

But wouldn't some sort of SCA/SAST/DAST catch that?

Like if I'm importing a site template, ideally I'd be verifying either it's source or it's source code as well.

(Not being facetious btw - genuinely curious)

ttyprintk 7 months ago [–]

I was hoping ongoing coverage would answer that; it sounds like a perfect example. I heard that the tampered code redirects traffic to a sports betting site.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact