How to Handle Secrets in Jenkins
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
DevOps
Mend SAST Administration - User Interface Walkthrough
Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.
Policy Lifecycle Management from VS Code and CLI with Styra Link
Many engineers like to stick to the IDE or the command line as they use those for their daily tasks instead of jumping into yet another SaaS web application. To improve the Styra DAS experience for them, we developed Styra Link, a tool that allows users to perform most of the tasks of the Styra DAS UI and manage OPA from the CLI or from VS Code. Styra DAS offers a fully integrated policy authoring and lifecycle management experience in a web-based UI.
Securely Deploy Kubernetes Clusters with Teleport Machine ID and GitHub Actions
Current approaches to managing machine identity for infrastructure like Kubernetes Clusters and CI/CD workflows rely on outdated security mechanisms like passwords, shared secrets, and other manual processes that are error prone and increase the risk of breach.
The Five Key Principles of Modern Application Security
I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.
Store & manage secrets like API keys in Python - Tech Tip Tuesdays
In this video, we explore how to securely manage secrets like API keys, passwords, credential pairs, and other sensitive information in python. We run through the basics of using environment variables and move onto more advanced senarios such as managing different secrets for multiple environments.
The history of Ranswomware - The first ransomware attack in the world
Ransomware is not new, it has been around for more than 30 years but it has changed a lot over the years. This is a snippet from a full webinar on Ransomware with Grzegorz Bak that dives into the most alarming statistics of ransomware and how we can protect ourselves against it. This presentation is thanks to GitProtect which helps make sure your code assets are securely backed up easily.
Exploring the open-source business model and how companies monetize it
With the rise of open-source solutions and solution providers, one of the biggest questions asked is, how do businesses monetize while giving away the source code for free?
Kubernetes Security Best Practices
Kubernetes is an open source orchestration platform for containerized workflows. It is the best way to manage – or orchestrate – large clusters of containers at scale. Sometimes abbreviated as K8s, Kubernetes helps you efficiently manage clusters of hosts running Linux containers. In the age of containers, Kubernetes has become a popular open source project and key building block for modern tech infrastructure.
This Week in VulnDB - The Big Fix Edition
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.