In a recent LinkedIn post, Semgrep draws attention to an SAP-related npm software supply chain risk it describes as a “Mini Shai-Hulud” attack. The post outlines a triage checklist for identifying potential compromise, focusing on specific npm package versions, GitHub repository descriptions, and commit patterns that may signal malicious activity.
The post also indicates that, if indicators of compromise are found, organizations should rotate a broad range of credentials and secrets, including those held in GitHub, major cloud providers, Kubernetes, and environment variables. The post notes that Semgrep customers reportedly have access to an advisory and a detection rule, suggesting an effort to position the company’s tooling as relevant to emerging software supply chain threats and potentially strengthening its value proposition in the application security market.

