Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

mend

Why Manually Tracking Open Source Components Is Futile

Oct 1, 2020 By Julie Peterson In Mend

Open source is everywhere. Everyone is using it. Open source code is found in almost every proprietary software offering on the market and is estimated to make up on average 60%-80% of all software codebases in 2020. Why the proliferation? Open source libraries help developers write code faster to meet the increasingly shorter release cycles under DevOps pipelines. Instead of writing new code, developers leverage existing open source libraries to quickly gain needed functionality.

Read Post
styra

API Authorization at the Gateway with Apigee, Okta, and OPA (Part 2)

Sep 30, 2020 By Ash Narkar In Styra

This is the second post in a two-part series about enforcing API authorization policies using Apigee, Okta and OPA. While the first post explained how to set up all three to work together, this post dives into detail on the policies that go along with the working code. The application we will be discussing is based on a hypothetical medical insurance provider Acme Health Care.

Read Post
armo

What makes ARMO customers immune - by design - against vulnerabilities like the recently discovered CVE-2020-14386?

Sep 30, 2020 By Leonid Sandler In ARMO

CVE-2020-14386 is yet another severe vulnerability that was recently discovered in the Linux kernel. It reminds us that the fight against vulnerabilities is not over. This particular one allows a regular application to escalate its privileges and gain root access to the machine. Indeed, it sounds scary.

Read Post
synopsys

Can SAST tools improve developer productivity?

Sep 30, 2020 By Ashutosh Kumar In Synopsys

Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.

Read Post

Best Practices: Onboarding Jfrog Xray

Sep 30, 2020 By JFrog In JFrog
JFrog Xray is a Software Composition Analysis tool (SCA) which is tightly integrated with JFrog Artifactory to ensure security and compliance governance for the organization binaries throughout the SDLC. This video provides best practices learned from customers for successfully deploying JFrog Xray into your organization and performing a real Shift-Left. It will focus on two keys to success, 1. involving R&D and 2. starting small and working in cycles.
View Video

iDevNews Application Architecture Summit 2020 | RBAC for SSH and Kubernetes Access with Teleport

Sep 28, 2020 By Teleport In Teleport
Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, Solution Engineer at Gravitational, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.
View Video

Demo | Access Workflow Integration Using Pager Duty | Privileged Access Management | Teleport

Sep 26, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations . These requests can be approved or denied in PagerDuty or anywhere else via a flexible Authorization Workflow API.
View Video
mend

Black Box Testing: What You Need to Know

Sep 24, 2020 By Patricia Johnson In Mend

Today’s software development life cycle includes a variety of quality and security testing techniques at every stage. Frequent testing throughout the DevOps pipeline is imperative considering the ever-increasing pace of development. One of the most common testing methods that companies use to ensure the products they are pushing out are secure and high-quality is black box testing.

Read Post
styra

API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

Sep 24, 2020 By Ash Narkar In Styra

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).

Read Post

Escape The Ticketing Turmoil | Slack/PagerDuty Integrations | Teleport Workflow API

Sep 23, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied via ChatOps in Slack, in PagerDuty, or anywhere else via a flexible Authorization Workflow API.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.