How to Create a SPDX SBOM Using Mend
In this short video, we will demonstrate how to create an NTIA compliant Software Bill of Materials for applications that have been scanned using Mend. ...
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
DevOps
Mend Bitbucket Cloud Integration
Are you using Bitbucket.com? Mend can integrate with your source control and quickly detect open source artifacts and their known vulnerabilities and licensing risks. Mend also provides all the information you need to fix these artifacts automatically.
Dev-First Prevention Strategies
Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers. This dynamic is often based on prior experience with legacy security systems that focus almost solely on the needs of security and fail to support developers in this process.
More Cloud Integration Capabilities for Kubernetes Backup and Restore in the February Update of CloudCasa
Mid-winter is fast approaching, meaning it’s nearly time to start thinking about spring again! But here at Catalogic all we’ve been thinking about lately is adding more features to CloudCasa. We were thrilled to hear that CloudCasa has been named a Kubernetes data protection leader and outperformer in the recently released GigaOm Radar for Kubernetes Data Protection Report, but we have no intention of resting on our laurels!
Software and AppSec Challenges and Opportunities in Banking and Fintech - Part Three
Application security is particularly important in the banking and financial technology sector, where a single breach can put large portions of sensitive information at risk. How to manage that risk is a complex process that affects how teams secure applications across their software supply chain.
Security gaps in a Managed Kubernetes Environment
In this article, we examine the impact of a shared responsibility model on end-user security administration in managed Kubernetes environments. We also explore typical difficulties and effective methods for securing these environments.
AI-Generated Infrastructure-as-Code: The Good, the Bad and the Ugly
With the rise of OpenAI’s GPT-3, ChatGPT and Codex products, as well as GitHub’s CoPilot and numerous competitors, today we’re seeing developers experimenting with AI to help augment their development workflows. While at first these efforts focused on more commonly used programming languages, such as Javascript and Python, the AI use cases are now expanding to Infrastructure-as-Code (IaC) configurations.
How to Bake Security into your CI/CD Pipeline
According to IBM Security's "The Cost of a Data Breach Report", the global cost of data breaches in 2022 increased by 2.6% compared to previous year, reaching $4.35 million. The source code of major companies like Nvidia, Microsoft, Uber, Slack, Toyota was leaked, often caused by usage of hardcoded secrets (you can see more details in the infographics below). In those cases, lateral movements were compromising software supply chain security. In their report Gartner claims about 45% of companies should expect to become targets of supply chain attacks by 2025.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
Take GitHub threats seriously: The largest code-sharing platform is extending your attack surface
In 2021, GitGuardian scanned over 1 billion data points on GitHub.com, and the results were stunning. More than 6 million secrets – think API keys, database connection strings, and private certificates – were exposed on the platform! Even more striking is the share of secrets and sensitive data exposed on the personal repositories of developers or open-source projects, of which SecOps teams lack visibility and control.