https://blog.abhipraya.dev/tags/supply-chain/Recent content in Supply-Chain on Daffa AbhiprayaHugoen-us© Daffa AbhiprayaWed, 15 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w3-security/Wed, 15 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w3-security/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>Two weeks of security work that span the whole stack. Week 1 (2-8 Apr) closed two OWASP A01 (Broken Access Control) gaps — one in our own code, one caught during a teammate&rsquo;s code review — and added Sentry observability to Celery tasks so background job failures stop disappearing silently. Week 2 (9-15 Apr) patched a high-severity axios SSRF (GHSA-3p68-rc4w-qgx5) that <code>pnpm audit</code> caught in a routine MR pipeline. The pattern across the two weeks: fix boundaries in our own code, and keep dependencies patched via automated audit.</p>