Static Application Security Testing (SAST) has been a central part of application security efforts for more than 15 years. Forrester’s State Of Application Security Report, 2022 found that lacking application security remains a leading cause of external security breaches, so it’s safe to say that SAST will be in use for the foreseeable future.

Kubernetes clusters consist of multiple resources and API objects interacting dynamically—which typically makes cluster management via the CLI overwhelming. Kubernetes Dashboard was built to simplify cluster operations by providing a unified, human-friendly interface. The web-based dashboard enables cluster operators to deploy applications, access running workloads, and correlate logs with cluster events. This article demonstrates how to install and use Kubernetes Dashboard.

As organizations rapidly transform the way they build and deploy applications in pursuit of greater business agility and increased speed to market, they face significant challenges implementing effective authorization controls throughout microservices environments and the infrastructure they run on. For Identity and Access Management (IAM) teams, stitching together different data sources and transforming them for authorization purposes is complex and time-consuming.

Enterprises are embracing cloud-native applications in the name of business agility. These applications enable developers to take advantage of the cloud’s scalability and flexibility, allow customers and developers to benefit from the increased velocity of DevOps processes and help businesses quickly react to customer needs and potentially lower their cost of deployment.

When delivering customer experiences from the cloud, defending the app includes the data it houses and the business it represents. The DevSecOps mindset, “You build it, you run it, you secure it” helps, but only when all teams are empowered with the info they need to see a threat, regardless of where it is.

Open source got more open source-y. Kubescape API is now documented on Swagger, the OpenAPI standard. That’s it in a nutshell. Scroll down to read more about it. We’re excited to share that we made another important step as an open-source company. We have documented the APIs of our newly open-sourced services using Swagger, the OpenAPI standard. This will help you integrate, interact and develop for the Kubescape platform.

TL;DR: AWS Object Lamba can authorize requests to S3. We can create an Object Lambda that calls Open Policy Agent (OPA) to get a policy decision. This delegation allows us to implement policies using Rego and manage them in Styra Declarative Authorization Service (DAS).

The modern approach to application security includes strategies and technologies that help development teams prioritize the vulnerabilities they should address and fix. By giving these teams tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite, got together for a fireside chat to discuss how to implement these strategies.