GMO Flatt Security Launches 'Software Supply Chain Assessment' and 'Software Supply Chain Attack Exercise' Services
GMO Flatt Security has launched two new services to support software supply chain attack mitigation for development organizations. By combining structural risk assessment of dependency management and CI/CD environments with practical exercises based on real-world incidents, the company aims to strengthen the resilience of the entire development pipeline.
📋 Article Processing Timeline
- 📰 Published: May 26, 2026 at 21:00
- 🔍 Collected: May 26, 2026 at 12:31
- 🤖 AI Analyzed: May 26, 2026 at 22:03 (9h 31m after Collected)
GMO Flatt Security, a cybersecurity firm under the GMO Internet Group that operates with the mission of 'supporting engineers,' announced on May 26, 2026, the launch of its new 'Software Supply Chain Assessment' and 'Software Supply Chain Attack Exercise' services for development organizations.
The 'Software Supply Chain Assessment' is a service that visualizes the potential scope of damage and prioritization of responses in the event of a security breach, covering areas from dependency package management to CI/CD environment configuration and permission design. It allows organizations to simulate the potential leakage of authentication, confidential, and personal information. The 'Software Supply Chain Attack Exercise' is a tabletop exercise service where development teams practice incident response decision-making based on actual cases, such as the 'axios' package breach.
By combining these services, GMO Flatt Security provides integrated support to harden the entire development pipeline, from visualizing supply chain risks to establishing a structure where teams can act independently during incidents.
This launch comes as risks to source code repositories and CI/CD environments continue to escalate. Since early 2026, major package breaches and developer credential thefts have become more frequent, raising concerns about secondary damage from leaked API keys and other credentials. In addition to the defensive features of 'Takumi,' GMO Flatt Security is further strengthening its support by adding professional-led diagnostics and exercises.
The 'Software Supply Chain Assessment' is a service that visualizes the potential scope of damage and prioritization of responses in the event of a security breach, covering areas from dependency package management to CI/CD environment configuration and permission design. It allows organizations to simulate the potential leakage of authentication, confidential, and personal information. The 'Software Supply Chain Attack Exercise' is a tabletop exercise service where development teams practice incident response decision-making based on actual cases, such as the 'axios' package breach.
By combining these services, GMO Flatt Security provides integrated support to harden the entire development pipeline, from visualizing supply chain risks to establishing a structure where teams can act independently during incidents.
This launch comes as risks to source code repositories and CI/CD environments continue to escalate. Since early 2026, major package breaches and developer credential thefts have become more frequent, raising concerns about secondary damage from leaked API keys and other credentials. In addition to the defensive features of 'Takumi,' GMO Flatt Security is further strengthening its support by adding professional-led diagnostics and exercises.
FAQ
GMO Flatt Securityが新たに提供を開始したサービスは何ですか?
開発組織向けの「ソフトウェアサプライチェーン診断」と「ソフトウェアサプライチェーン攻撃演習」の2サービスです。
「ソフトウェアサプライチェーン診断」では何が可視化されますか?
依存パッケージの管理からCI/CD環境の構成・権限設計までを対象に、侵害時の被害範囲と対応優先度が可視化されます。
「ソフトウェアサプライチェーン攻撃演習」の特徴は何ですか?
「axios」などの実際の侵害事例をもとに、開発チームが自らインシデント対応と判断を実践する机上演習サービスです。
なぜこのサービスが必要なのですか?
ソースコードリポジトリやCI/CD環境を狙うソフトウェアサプライチェーン攻撃が多発しており、認証情報や機密情報の流出リスクが深刻化しているためです。
本サービスの開始日はいつですか?
2026年5月26日(火)です。