Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/GoogleContainerTools/skaffold/v2
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describe customizations for a CI/CD pipeline.
Or, check out our Github Releases page for release info or to install a specific version.
git clone
and skaffold run
skaffold run
end-to-end, or use individual Skaffold phases to build up your CI/CD pipeline. skaffold render
outputs hydrated Kubernetes manifests that can be used in GitOps workflows.For a managed experience of Skaffold you can install the Google Cloud Code
extensions:
It can manage and keep Skaffold up-to-date while providing a more guided startup experience, along with providing and managing other common dependencies, and works with any kubernetes cluster.
We welcome any contributions from the community with open arms - Skaffold wouldn't be where it is today without contributions from the community! Have a look at our contribution guide for more information on how to get started on sending your first PR.
Come hang out with us!
Office Hours
We hold open office hours on the last Wednesday of the month at 9:30 AM Pacific Time. This is an open forum for anyone to show up and bring ideas, concerns, or just in general come hang out with the team! This is also a great time to get direct feedback on contributions, or give us feedback on ways you think we can improve the project. Come show us how you're using Skaffold!
Join the skaffold-users mailing list to get the calendar invite directly on your calendar. You can access the hangouts invite directly from this calendar invite.
Survey
Your feedback is very valuable to us! We have an anonymous user feedback survey - please help us by spending a quick 5 minutes to tell us how satisfied you are with Skaffold, and what improvements we should make! You can also run skaffold survey
from your terminal to open the survey directly in your default browser.
Survey Link - https://forms.gle/BMTbGQXLWSdn7vEs6
Skaffold is generally available and considered production ready. Detailed feature maturity information and how we deprecate features are described in our Deprecation Policy.
Please see our security disclosure process. All security advisories are managed on Github.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.