Commit d59fe4e

Security audit post: disable asset auto-linking (#2567)
1 parent 36f229f commit d59fe4e

1 file changed

+2
-2
lines changed

blog/2025-07-16-security-audit.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ tags: [security]
66

77
# Security audit
88

9-
During the first half of the year, conda-forge has been subject to a security audit in partnership with [Open Source Technology Improvement Fund](https://ostif.org/) (OSTIF), [Sovereign Tech Agency](https://www.sovereign.tech/) (STA) and the security firm [7ASecurity](https://7asecurity.com/). This effort has resulted in the identification and remediation of 13 findings with security impact, a custom threat model, and a supply chain security analysis. Full details are now publicly available in the [final report](/_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf).
9+
During the first half of the year, conda-forge has been subject to a security audit in partnership with [Open Source Technology Improvement Fund](https://ostif.org/) (OSTIF), [Sovereign Tech Agency](https://www.sovereign.tech/) (STA) and the security firm [7ASecurity](https://7asecurity.com/). This effort has resulted in the identification and remediation of 13 findings with security impact, a custom threat model, and a supply chain security analysis. Full details are now publicly available in the [final report](pathname:///_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf).
1010

1111
<!-- truncate -->
1212

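Review bot: On line 9, the new `pathname:///_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf` target takes the report link out of asset auto-linking, and the commit title does not say why or what replaces the check that auto-linking provided. If the site build no longer resolves this path (an assumption, since the build configuration is not part of this diff), a renamed or missing PDF would turn into a silent 404 on the one link readers use to reach the audit report. Please confirm the file is served at exactly this path on the deployed site, and add a sentence to the commit body explaining the reason for the `pathname:` prefix.
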
@@ -21,7 +21,7 @@ Back in April 2024, we started a conversation with [OSTIF](https://ostif.org/) t
2121
- One incident in `conda-forge/conda-forge-ci-setup`.
2222
- One incident in `conda-forge/infrastructure`.
2323

24-
7ASecurity also contributed a detailed threat model and a supply chain security analysis. CVEs, Github Advisories and related contributions are available in the [final report](/_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf).
24+
7ASecurity also contributed a detailed threat model and a supply chain security analysis. CVEs, Github Advisories and related contributions are available in the [final report](pathname:///_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf).
2525

2626
We are incredibly grateful for the support offered by OSTIF and STA, and we are delighted to have worked with 7ASecurity during all these months! You can read their blog posts at:
2727

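Review bot: Line 24 repeats the same `pathname:///_static/CON-01-conda-forge-Audit-Public_RC1.0.pdf` target that line 9 already carries, so the report path now has to be kept in sync in two places by hand. Consider defining it once as a reference-style link (`[final report]: pathname:///_static/...`) and using `[final report]` in both paragraphs, so a later rename of the PDF cannot leave one of the two links stale. While touching this line, "Github Advisories" should read "GitHub Advisories".
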