Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

I can use VS Code to hack into your development environment

Jun 8, 2021 By Snyk In Snyk
We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.
View Video

How to Measure Your Application Security Program in a Cloud Native World

Jun 7, 2021 By Snyk In Snyk
The traditional way of measuring the effectiveness of our application security programs doesn't translate into the new age of cloud transformation and DevOps software delivery. So, which metrics should we be looking at – and how do you measure them accurately? In this recording, Snyk Field CTO, Simon Maple, sits down with Alyssa Miller, BISO at S&P Global and Nick Vinson, DevSecOps Lead at Pearson, to discuss their different approaches to measuring security in a cloud native world.
View Video

CloudCasa Demo - How to Backup your DigitalOcean Kubernetes with CloudCasa

Jun 4, 2021 By CloudCasa In CloudCasa
Learn how to do the 1-Click deployment from the DigitalOcean Marketplace to backup your Kubernetes resources and application data with CloudCasa. CloudCasa provides a free service tier that includes backups of Kubernetes resource data and snapshot management for persistent volumes. The free service tier permits an unlimited number of clusters and worker nodes per user or organization with up to 30 days of backup data retention, and it now includes Amazon RDS snapshot management with multi-region copies, with other managed databases to come.
View Video
mend

Docker Vs. Kubernetes: A Detailed Comparison

Jun 3, 2021 By Patricia Johnson In Mend

The Docker vs. Kubernetes debate is common in the containerization world. Although most people like comparing Kubernetes and Docker, the two technologies are not exchangeable—you cannot choose one over the other. They are essentially discrete technologies that can perfectly complement each other when creating, delivering, and scaling containerized applications. In fact, the best at par comparison would be Docker Swarm vs. Kubernetes, which we’ll talk about later.

Read Post
Snyk

Python now fully supported in Snyk Code

Jun 3, 2021 By Frank Fischer In Snyk

Earlier this year, we announced the beta support for Python in Snyk Code. This beta period gave us the chance to let customers have access to our extensive collection of Python rules while we finished our knowledge base review and added curated content. We are happy to announce that this work has concluded, and Python is now a fully supported language. 🐍 🎉

Read Post
Snyk

Mitigating and remediating intent-based Android security vulnerabilities

Jun 2, 2021 By Kirill Efimov, Raul Onitza-Klugman In Snyk

In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code.

Read Post

Introduction to Bytesafe in 1 min

Jun 1, 2021 By Bytesafe In Bytesafe
A quick introduction to secure package management with Bytesafe. Your code is your business and we know how hard it can be to manage JavaScript securely. With Bytesafe you have a secure by default solution that continuously monitors your dependencies. Learn more: When working with JavaScript packages, securing your software supply chain should be a priority. Stay up to date with insights of the open source code you use and issues that need to be remediated.
View Video
jfrog

Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution

Jun 1, 2021 By Baruch Sadogursky In JFrog

You probably remember the Namespace Shadowing a.k.a. “Dependency Confusion” attack that was in the news a couple of weeks ago. I blogged back then about the Exclude Patterns feature of JFrog Artifactory which we’ve had forever and was always intended to protect you against those kinds of attacks.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.