More than 90% of applications will be cloud-native by 2023. As organizations transition from monolithic, on-premise environments to dynamic cloud-based ones, ensuring access control becomes more critical — and complex. That’s why I co-created Open Policy Agent, also known as OPA. OPA unifies policy enforcement across the cloud-native stack.
Today, we announced our entrance into the Static Application Security Testing (SAST) market. It’s a significant development for WhiteSource, which has until now been solely focused on open source software security. In this post, I explain why we decided to make this move beyond open source into proprietary code security, and the value it will bring to developers, security teams, and their organizations.
We’re excited to announce that our Snyk Business plan will now be available as a free trial. Many developers love Snyk products, but the true power of our platform is displayed when it’s used across an organization. No company wants to navigate a security incident, but ensuring that your entire SDLC is protected can be a challenge. The Snyk Business plan gives your organization access to empowering and easy-to-use tools to ensure nothing slips through the cracks.
Kubernetes is an API-centric orchestration platform. Every request, from the cluster components to users interacting with the system, has to go through the API server. The API server is a component in the control plane, and acts as a gatekeeper for the operation requests originating from both inside and outside of the cluster.
Being a sysadmin is definitely not for the average human being. You have to always be ready to help people, fight hackers, use tech gadgets … actually, a sysadmin’s typical day sounds a lot like the life of a superhero! But even superheroes have a dark side. We asked our sysadmin community to share some naughty things they’ve ever done — or keep doing. Naturally, their responses will remain anonymous due to the delicacy of the topic!
JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra.
Managing resources in early versions of Kubernetes was a straightforward affair: we could define resources with YAML markup and submit these definitions to the cluster. But this turned out to require too much manual work, and at too low of a level. The next step in the evolution of Kubernetes was to use Helm charts. Sometimes called “the package manager for Kubernetes,” Helm allowed developers to share entire application setups using a templating language.
The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.
There are essentially four ways you can implement passwordless SSH access. SSH certificate-based authentication, SSH key-based authentication, SSH host-based authentication, or using a custom PAM module that supports out-of-band authentication. If you want to live dangerously, there’s also a fifth method of passwordless access — disable authentication at all. But that’s not who you are!
On January 30, 2022, , the Argo CD team was contacted by researchers at Apiiro regarding a vulnerability they had discovered in the popular continuous delivery platform that could allow bad actors to steal sensitive information from deployments. The Argo CD team was able to quickly develop fixes for all three of their currently supported releases and publish them to their users within 48 hours.
