Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Open Source

Deceptive 'Vibranced' npm Package Discovered Masquerading as Popular 'Colors' Package

A new malicious package has been detected on the Node Package Manager (npm) repository that poses a significant threat to users who may unknowingly install it. Named ‘Vibranced,’ the package has been carefully crafted to mimic the popular ‘colors’ package, which has over 20 million weekly downloads.

Black Duck SCA vs. Black Duck Audit Services

With a surplus of software security testing solutions on the market, identifying the right SCA solution has never been more important. In today’s world, there is an increasingly large number of software security tools and testing solutions available with a range of capabilities, including software composition analysis (SCA), for managing open source risks.

Navigating Open Source License Legal Risks: A Comprehensive Guide

Open source software has revolutionized the software development landscape, providing cost-effective solutions and promoting collaboration among developers worldwide. However, the legal terms associated with open source licenses can be complex, and improper management of these licenses may lead to significant legal risks.

Using Workflow Actions & OSINT for Threat Hunting in Splunk

Picture yourself, a threat hunter using Splunk, and the words "workflow action" are uttered by your helpful security Splunker... Workflow actions make you a faster and more effective security analyst. They allow you to skip the laborious steps of logging into various websites to do your job and just get straight to business.

GitGuardian vs. Custom-Built Secrets Detection Tools

DIY or open-source secrets detection can seem cost-effective and customizable initially... until you start hitting the first obstacles like scalability, developer experience (DX), or deep application security expertise. Read on to find out how GitGuardian can help you rise above these!

New language-specific Snyk Top 10 for open source vulnerabilities

Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.

How To Setup Velero Backups On EKS Using IAM Roles for Service Accounts (IRSA)

Velero is an open-source tool that allows you to backup and restore your Kubernetes cluster resources and persistent volumes. Velero backups support a number of different storage providers including AWS S3. The process of setting up Velero backup with S3 using AWS credentials has been documented by Velero here. However, at the time of this post, there is no official documentation on how to set up Velero using IRSA or IAM Roles for Service Accounts.