Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CI CD

securitysenses

Testing Authorization Policies in CI/CD Environments: Best Practices

Feb 14, 2025 By SecuritySenses In SecuritySenses
When you're nearing bringing a new update to production, you may rather not want to realize that everyone and anyone has complete open access to sensitive data, just before you're about to deliver the update. Misconfiguring or properly not configuring an authorization policy could lead to a scenario just like that. Things move fast in the CI/CD environment, with code changes and constant deployments, so it's not hard to see how a security mistake can slip under the radar. But when it does, you can expect security breaches, regulatory violations, and huge losses, are swiftly follow. And you definitely want to prevent those.
Read Post
Spectral

Secure Your CI/CD Pipelines: 7 Best Practices You Can't Ignore

Feb 12, 2025 By Eyal Katz In Spectral
What’s the difference between an unsupervised toddler with markers and an unsecured CI/CD pipeline? Both look fine at first, but chaos is inevitable. While a toddler might scribble on walls, an unsecured pipeline invites attackers to wreak havoc on your digital assets. Cleaning up after either is tough—prevention is smarter. The CrowdStrike 2024 report reveals that cloud-conscious intrusions skyrocketed by 110% in 2023.
Read Post
sysdig

How to secure every stage of the CI/CD pipeline with Sysdig

Dec 12, 2024 By Marla Rosner In Sysdig
Securing operations in the cloud can seem daunting. To protect your organization, you need to have the proper preventative and reactive safeguards in place at every step of the software development cycle. But it doesn’t have to be as complex as it sounds. This blog outlines how to secure the entire software development lifecycle, emphasizing the “shift left” approach, which aims to catch vulnerabilities and issues early in the development process to reduce both risks and costs.
Read Post
Spectral

GitHub actions vs. Jenkins for CI/CD Pipelines

Dec 4, 2024 By Eyal Katz In Spectral
There’s an age-old saying you can tell an engineer’s age by their preferred CI/CD (continuous integration and continuous delivery) tool. Depending on who you talk to, the battle-tested Jenkins remains their weapon of choice, while GitHub Actions is the new kid on the block turning heads. However, here’s something that might surprise you – about half of all developers spend less than 20 hours per week on actual software development tasks.
Read Post
panoptica

Securing Continuous Integration and Delivery Pipelines

Oct 18, 2024 By By: Becca Gomby In Panoptica
Modern software development teams will have individual preferences about whether to use IDEs or which testing framework or coding convention to adopt. However, for teams that want to deliver high-quality software at a rapid pace, continuous integration and continuous delivery (CI/CD) is a must-have. Mature, high-performing dev teams lean heavily on their CI/CD pipeline. Because of this heavy dependence on CI/CD, ensuring the security of your CI/CD pipeline is incredibly important.
Read Post
foresiet

Cisco's CI/CD Pipeline Weaknesses:Hard-Coded Credentials & Misconfigurations Revealed

Oct 16, 2024 By Foresiet In Foresiet
In recent weeks, reports have surfaced regarding a significant breach involving Cisco, exposing sensitive data from various organizations. This blog post delves into the details of the breach, the compromised data, the implicated companies, and the methods used by attackers to gain access to such critical information.
Read Post
gitprotect

Exploring Best Practices and Modern Trends in CI/CD

Jul 24, 2024 By Miłosz Jesis In GitProtect
Let’s start with statistics: continuous integration, deployment, and delivery is among the top IT investment priorities in 2023 and 2024. To be exact, according to GitLab’s 2024 Global DevSecOps report, it is on the 8th place (and security is the top priority!). However, it shouldn’t be surprising, as CI/CD practice brings a lot of benefits to IT teams – it helps to accelerate software delivery and detect vulnerabilities and bugs earlier.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.