A software Bill of Materials or SBOM provides transparency into an organization’s software, protecting it from supply chain risks. Just because the component you add to your application is secure today doesn’t mean that the application will still be secure tomorrow.

None of us want to look into a production audit system, as this most likely happens after a security breach or a security incident. Over the years, people have come up with many ideas to see what applications are doing. Almost all databases keep event logs to prevent data loss. Systems such as Kubernetes generate events for every action, and applications that probably run in your production also implement some structured logging for the same reason. But what can we do if all of that is not enough?

As more and more applications and application development move to the cloud, traditional security roles and organizational structures are being shaken up. Why is that and what are the benefits of a cloud-first approach for business?

How does an application find its way into a company? In most cases today, people don’t start by searching through their organization’s catalog of approved applications.

Modern microservices applications built using containers are complex — often requiring complex authorization solutions, due to the sheer number of access possibilities involved. Indeed, as IT infrastructure has migrated to the cloud, along with the applications running on it, security and privacy concerns have only increased. As microservice applications became ubiquitous, open-source authorization tools have come to the fore for many organizations.

When scanning an image you probably want to scan for both operating system vulnerabilities and vulnerabilities in the application dependencies (like npm, pom.xml, package.json etc), in order to get a full picture of the security issues within your images. Until now, when using the Snyk Container test/monitor commands to scan images you had to specify the --app-vulns flag in order to scan for application vulnerabilities.

Reddit is a good place to stay in the loop when it comes to web development news, and if you’re like me, you probably follow subreddits like r/node or r/javascript. I recently found a great way to build a Zapier Reddit integration with just my JavaScript knowledge — so I can share those trending Reddit posts in my team’s channel. In this article you’ll learn.

The education systems, including K-12 school institutions, are in the crosshairs of increasingly frequent and sophisticated cyberattacks. In just one month of 2021, educational organizations suffered more than 5.8 million malware incidents. Teachers, administrators and students are also targets as they use various devices such as laptops and smartphones to browse social media or send messages with friends and family.

Welcome to the first episode of Authenticated, a new series from Arctic Wolf Labs designed to break down our fundamental, people-driven approach to cybersecurity. Led by Arctic Wolf Chief Product Officer Dan Schiappa, Authenticated explores how we’re reinventing the cybersecurity industry one innovation at a time.

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting.