Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

sysdig

Image scanning for Google Cloud Build

Oct 6, 2020 By Vicente Herrera García In Sysdig

In this article, you will learn how to add inline image scanning to a Google Cloud Build pipeline using the Sysdig Secure DevOps platform. We will show you how to create a basic workflow to build your container image, scan the image, and push it to a registry. We will also customize scanning policies to stop the build if a high-risk vulnerability is detected.

Read Post
upguard

Bitbucket vs GitHub [Updated for 2020]

Oct 2, 2020 By Abi Tyas Tunggal In UpGuard

If you boil it down to the most basic difference between GitHub and Bitbucket, it is that GitHub is focused around public code and Bitbucket is for private. GitHub has a huge open-source community and Bitbucket tends to have mostly enterprise and business users. Bitbucket vs Github: Two of the largest source code management services for development projects, offering a variety of deployment models from fully cloud-based to on-premise. Historically, they have taken different approaches to private vs.

Read Post
mend

Why Manually Tracking Open Source Components Is Futile

Oct 1, 2020 By Julie Peterson In Mend

Open source is everywhere. Everyone is using it. Open source code is found in almost every proprietary software offering on the market and is estimated to make up on average 60%-80% of all software codebases in 2020. Why the proliferation? Open source libraries help developers write code faster to meet the increasingly shorter release cycles under DevOps pipelines. Instead of writing new code, developers leverage existing open source libraries to quickly gain needed functionality.

Read Post
armo

What makes ARMO customers immune - by design - against vulnerabilities like the recently discovered CVE-2020-14386?

Sep 30, 2020 By Leonid Sandler In ARMO

CVE-2020-14386 is yet another severe vulnerability that was recently discovered in the Linux kernel. It reminds us that the fight against vulnerabilities is not over. This particular one allows a regular application to escalate its privileges and gain root access to the machine. Indeed, it sounds scary.

Read Post

Best Practices: Onboarding Jfrog Xray

Sep 30, 2020 By JFrog In JFrog
JFrog Xray is a Software Composition Analysis tool (SCA) which is tightly integrated with JFrog Artifactory to ensure security and compliance governance for the organization binaries throughout the SDLC. This video provides best practices learned from customers for successfully deploying JFrog Xray into your organization and performing a real Shift-Left. It will focus on two keys to success, 1. involving R&D and 2. starting small and working in cycles.
View Video

iDevNews Application Architecture Summit 2020 | RBAC for SSH and Kubernetes Access with Teleport

Sep 28, 2020 By Teleport In Teleport
Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, Solution Engineer at Gravitational, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.
View Video

Demo | Access Workflow Integration Using Pager Duty | Privileged Access Management | Teleport

Sep 26, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations . These requests can be approved or denied in PagerDuty or anywhere else via a flexible Authorization Workflow API.
View Video
mend

Black Box Testing: What You Need to Know

Sep 24, 2020 By Patricia Johnson In Mend

Today’s software development life cycle includes a variety of quality and security testing techniques at every stage. Frequent testing throughout the DevOps pipeline is imperative considering the ever-increasing pace of development. One of the most common testing methods that companies use to ensure the products they are pushing out are secure and high-quality is black box testing.

Read Post

Escape The Ticketing Turmoil | Slack/PagerDuty Integrations | Teleport Workflow API

Sep 23, 2020 By Teleport In Teleport
Teleport allows you to implement industry-best practices for SSH and Kubernetes access, meet compliance requirements, and have complete visibility into access and behavior. But invariably, change happens. Teleport allows users to request elevated privileges in the middle of their command-line sessions and create fully auditable dynamic authorizations. These requests can be approved or denied via ChatOps in Slack, in PagerDuty, or anywhere else via a flexible Authorization Workflow API.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.