DevOps

Building a secure CI/CD pipeline with GitHub Actions

GitHub Actions has made it easier than ever to build a secure continuous integration and continuous delivery (CI/CD) pipeline for your GitHub projects. By integrating your CI/CD pipeline and GitHub repository, GitHub Actions allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository or deploy merged pull requests to production.

What have we learned from scanning over 10,000 Kubernetes clusters with Kubescape?

With Kubernetes adoption continuing to rise, we've seen multiple studies add to the growing body of research for enterprise K8s deployments this past year. Companies leveraging managed services and packaged platforms drive much of the continued growth in adoption. An annual study conducted by the Cloud Native Computing Foundation (CNCF) found that 96% of organizations surveyed are either using or evaluating K8s currently.

SSH Certificates: How Do OpenSSH Certificates Compare to X.509?

X.509 is the first thing that comes to mind when discussing digital certificates. After all, it is the most widely used digital certificate in the PKI ecosystem and is the core component of SSL/TLS protocols, the technology that powers HTTPS. X.509 was first released on 25 November 1988 and is powerful, extensible and widely supported. But it's not the only certificate format available out there. For example, the popular email encryption program PGP uses a custom certificate format instead of X.509.

Why to harden PowerShell and not remove it completely

The National Security Agency (NSA) and partner cybersecurity authorities recently released an information sheet recommending proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. PowerShell is a built-in scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify and automate administrative tasks.

Stranger Danger: Your Java Attack Surface Just Got Bigger

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

3 Critical Best Practices of Software Supply Chain Security:

If your organization develops software and applications to deliver products and solutions, then more than likely you’re using third-party open source components to help create them. According to most estimates, open source components now make up over 80 percent of software products.

How to secure Kubernetes Ingress?

Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ultimately allows you to expose HTTP and HTTPS from outside the Kubernetes cluster so you no longer need to expose each service separately—something that can be expensive and tedious as an application scales, resulting in an increase in services.

Featured Post

How to decide what to fix when you can't fix everything

Contributing to a legacy software development project, as a security-aware developer, is a bit like inheriting an old house. In my old house, the roof is missing tiles, the bathroom taps are dripping, the front door doesn't lock properly, the hallway needs redecorating and there are worrying cracks in the foundations. I don't know where to start. The security problems with the application I've recently (hypothetically) joined are similarly vexing and diverse. It has deprecated dependencies on older versions of software libraries. It could be misconfigured using insecure protocols.