<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Supply-Chain-Security on DRM HSE</title><link>https://www.drmhse.com/tags/supply-chain-security/</link><description>Recent content in Supply-Chain-Security on DRM HSE</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 15 Jul 2026 12:13:23 +0300</lastBuildDate><atom:link href="https://www.drmhse.com/tags/supply-chain-security/index.xml" rel="self" type="application/rss+xml"/><item><title>Why I Built a Desktop UI for Perplexity's Bumblebee Scanner</title><link>https://www.drmhse.com/posts/bringing-a-face-to-the-buzz-why-i-built-a-ui-for-perplexity-bumblebee-scanner/</link><pubDate>Sun, 24 May 2026 19:36:43 +0300</pubDate><guid>https://www.drmhse.com/posts/bringing-a-face-to-the-buzz-why-i-built-a-ui-for-perplexity-bumblebee-scanner/</guid><description>&lt;p>When an advisory names a compromised package or editor extension, the immediate question is not abstract: is that exact package and version on this machine?&lt;/p>
&lt;p>&lt;a href="https://github.com/perplexityai/bumblebee"target="_blank" rel="noopener noreferrer" class="external-link">Perplexity&amp;rsquo;s Bumblebee scanner&lt;svg class="inline-block w-3 h-3 ml-0.5 align-baseline" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
 &lt;path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14">&lt;/path>
 &lt;/svg>
&lt;/a> answers that question by reading package-manager metadata, lockfiles, extension manifests, and supported developer-tool configurations on macOS and Linux. It does not execute package managers or inspect source files. It emits the inventory, diagnostics, scan summary, and any exact matches against a supplied exposure catalog as NDJSON.&lt;/p></description></item></channel></rss>