Mend.io Launches New Version of Mend for Containers
New Features Protect Cloud-Native Applications from Vulnerabilities and License Risks Throughout Software Development Lifecycle.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
DevOps
THEY DID WHAT!? Auditing a security breach using Enterprise OPA decision logs and AWS Athena
You will learn how to use the Enterprise OPA Enhanced Decision Logs feature to configure Enterprise OPA (EOPA) to upload decision logs to an AWS S3 bucket so that they can be queried using AWS Athena. In mid to large sized deployments of EOPA, immense quantities of decision logs can be generated, necessitating big data tools such as Athena. This can be useful for security breach auditing, auditing access decisions, and for business intelligence in general.
DevOps Speakeasy with Brett Smith
We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
DevOps Speakeasy with Tracy Ragan
This episode of DevOps Speakeasy features Tracy Ragan, CEO of DeployHub and CDF board member. Ragan joins us to discuss how to secure your DevOps pipeline with new security tools. There has been a security awakening among IT teams around the world. This awakening has resulted in the release of new open source tools that you can use today. From hardening the build process to gathering actionable supply chain intelligence. Her session will review the new generation of open source security tools to incorporate into your security strategy.
The state of stateful applications on Kubernetes
Kubernetes has become one of the most popular platforms for running cloud-native applications. This popularity is due to several factors, including its ease of use and ability to handle stateless applications. However, running stateful applications, such as databases and storage systems, on Kubernetes clusters is still debatable. In other words, does Kubernetes and its containerized ecosystem provide a solid and reliable infrastructure to run such critical applications?
Mend.io Supply Chain Defender
Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.
Mend.io JIRA Security Dashboard Integration
Overview The Mend Jira Security Dashboard is a new option included in the Jira Cloud plugin that provides a centralized view of security issues and risks across all Jira projects, making it easier for you and your teams to prioritize and address security concerns. Use cases for the Jira Security Dashboard The Mend Jira Security Dashboard addresses the following scenarios: As an AppSec Manager, it is imperative to have real-time visibility into the overall security health of your development teams' applications within your issue-tracking tool, Jira.
The Role of Leadership in Successful DevSecOps Adoption
Customer Speakers: Woolworths | Pablo Reyes, AppSec Lead Shopback | Dipin Thomas, Engineering Manager Coinhako | Metarsit Leenayongwut, Engineering Manager Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
How to Secure Communication Between Microservices
The migration to microservice architecture from monolithic applications is happening en masse as enterprises realize its scalability and efficiency benefits. According to an IBM report1, 56% of nonuser organizations plan on adopting the microservice architecture by 2023. Breaking an application into small, loosely coupled services lets independent teams quickly design and deploy these components.
How to Restore Velero Backup Data Without Velero
Velero is the most popular tool for backing up and restoring Kubernetes cluster resources and persistent volumes. However, there may be situations where you need to restore Velero backup data without using Velero itself. For example, if Velero is not installed and configured correctly, or if more fine-grained restore control is required. In this post, we will explore how to do this when either Restic or Kopia was used by Velero to store the persistent volume (PV) data.