https://miscreants.github.io/blog.trailofbits.com/authors/facundo-tuesca/Recent content in Facundo Tuesca on The Trail of Bits BlogHugoen-usFri, 12 Dec 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/12/catching-malicious-package-releases-using-a-transparency-log/Fri, 12 Dec 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/12/catching-malicious-package-releases-using-a-transparency-log/We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identities in the Rekor transparency log.https://miscreants.github.io/blog.trailofbits.com/2025/01/30/pypi-now-supports-archiving-projects/Thu, 30 Jan 2025 09:00:22 -0500https://miscreants.github.io/blog.trailofbits.com/2025/01/30/pypi-now-supports-archiving-projects/PyPI now supports marking projects as archived. Project owners can now archive their project to let users know that the project is not expected to receive any more updates. Project archival is a single piece in a larger supply-chain security puzzle: by exposing archival statuses, PyPI enables downstream consumers to make more […]