Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

Take GitHub threats seriously: The largest code-sharing platform is extending your attack surface

In 2021, GitGuardian scanned over 1 billion data points on GitHub.com, and the results were stunning. More than 6 million secrets – think API keys, database connection strings, and private certificates – were exposed on the platform! Even more striking is the share of secrets and sensitive data exposed on the personal repositories of developers or open-source projects, over which SecOps teams lack visibility and control.

Snyk Workflows - Basic Workflows (IDE & CLI)

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. The first session covers basic workflows in the IDE and CLI. You’ll learn to proactively plan how to leverage Snyk in different places and different ways. We will cover basic workflows and how to use them, as well as quick tips.

Quick Start Guide: Integrate Veracode in Your DevOps Pipeline

For today’s DevSecOps teams, the demands continue to intensify. Application portfolios and codebases continue to grow, while cyberattacks remain an ever-present danger. More than ever, it’s vital to ensure security gaps are identified and addressed with maximum speed and efficiency. In order to do this, you need to establish a continuous feedback loop on security threats, so you can realize optimized, sustained results – which is exactly how Veracode helps.

Application Security Requires Concerted, Continuous Efforts

According to Forrester Research, applications are the top cause of external breaches because cybercriminals consider them to be one of the easiest entry points to attack organizations’ code bases. As supply chain attacks increase, it has become increasingly important for organizations to implement and maintain a continuous application security program and make it a priority.

Yandex Data Leak Triggers Malicious Package Publication

It would be big news, to say the least, if a large quantity of Google source code found its way into the public domain. Now imagine if the leak also included source code from Amazon and Uber. That’s the scale of the data leak that hit Russian tech giant Yandex. The risk here is that malicious actors could analyze the leaked code and discover exploitable security gaps.

How to Manage Risk Effectively in Cloud-Native Environments

We’ve all got our heads in the cloud, or if not yet, we’re well on our way there. In other words, the process of digital transformation is happening at such a pace that almost all organizations will soon be working in the cloud and using cloud-native technology. Analyst Gartner has predicted that by 2025, over 95% of new digital workloads will be deployed on cloud-native platforms. This represents a 30% growth from 2021.