The latest articles on DEV Community by esloqeeus (@esloqeeus_36e50b14e5eda6a). https://dev.to/esloqeeus_36e50b14e5eda6a https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3882189%2F743b3b22-fb15-4098-a2c3-33a2b240a621.png https://dev.to/esloqeeus_36e50b14e5eda6a en esloqeeus Thu, 16 Apr 2026 10:12:38 +0000 https://dev.to/esloqeeus_36e50b14e5eda6a/why-we-are-adding-ai-to-slsa-for-critical-infrastructure-4hp5 https://dev.to/esloqeeus_36e50b14e5eda6a/why-we-are-adding-ai-to-slsa-for-critical-infrastructure-4hp5 <p>As a team, We're working on a project to turn standard supply chain scanning into actual Risk Intelligence. <br> The Core Idea: We are building a platform that ingests GitHub repos, runs the standard stack (Syft/Trivy/Grype), but then adds an AI/ML layer to:<br> Verify SLSA Provenance: Automate the checking of unpinned actions and build integrity.<br> Detect Anomalies: Using IsolationForest to flag weird dependency changes that simple scanners might miss .<br> Provide Explainable Scoring: Using SHAP so the security lead knows why a repo was marked as "High Risk."<br> Our specific focus is Critical Infrastructure (Energy/Telecom), where a "blind" update can be catastrophic.</p> <p>**<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frh0z3ou7gq2bwmj00n8o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frh0z3ou7gq2bwmj00n8o.png" alt=" " width="373" height="135"></a>**</p> ai devops machinelearning security