WhiteSource for Developers Announcment
Keep your open source components secure and compliant with native browser, IDE and repositories integration using WhiteSource for Developers.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Webinar | How Decisiv Scaled Global Remote SSH Access and Remained Compliant With Teleport
Learn how Decisiv provides secure access to developers and deals with compliance hurdles. Senior Engineer Hunter Madison will talk about how Decisiv needed to quickly solve the pain of scaling the engineering team, migrating to AWS, maintaining ISO 27002 compliance, and a few of his key learnings from his two-year journey using Teleport.
How To Use Teleport - Using Slack With Approval Workflow
This video walks through how to configure Slack with the Teleport Approval Workflow. More detailed instructions are available in the Teleport Admin Guide.
Security Policy Self-Service for Developers and DevOps Teams
In today’s economy, digital assets (applications, data, and processes) determine business success. Cloud-native applications are designed to iterate rapidly, creating rapid time-to-value for businesses. Organizations that are able to rapidly build and deploy their applications have significant competitive advantage.
Our Favorite Web Vulnerability Scanners
Web vulnerability scanners crawl through the pages of web applications to detect security vulnerabilities, malware, and logical flaws. They do this by generating malicious inputs and evaluating an application’s responses. Often referred to as dynamic application security testing (DAST), web vulnerability scanners are a type of black-box testing; they perform functional testing only and don't scan an application’s source code.
How I Found Myself in a Command Line vs. GUI Meeting
“Ev, do you have time later today to discuss the new web GUI for the command line terminal?” said the Slack message. It came from Alex, our user experience chief and the product in question is the SSH client. Part of me was worried. The command line environment had a sanctuary where I found peace and happiness away from the world of browser-based tools.
Webinar | Best Practices for SSH + Auditing w/ Panther | Gravitational | Gus Luxton | Jack Naglieri
In this webinar, Ev hosts a conversation with Gus Luxton, Gravitational DevOps Engineer, and Jack Naglieri, CEO of Panther Labs, about SSH, why certificate authorities are a must have, how to audit that activity, and what to do with those audit logs once you have them. Both Gus and Jack demo the open source platforms that they are working on Teleport, and Panther.
License Compatibility: Combining Open Source Licenses
Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.
Integrating the Risk Management Framework (RMF) with DevOps
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.
SSH vs. kubectl exec
Let’s have a look at two popular ways of opening remote shells: the good ol’ ssh and its modern counterpart, kubectl exec. Below, I will only look at the “kubectl exec” subcommand and its friends. kubectl itself is a swiss-army knife for all things Kubernetes. Comparing all of it to ssh is like comparing systemd to BSD init. Also, I will use “SSH” to mean “OpenSSH”, which is the de-facto standard for SSH protocol implementation.