Tag: Software Supply Chain Security
GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs
If left unpatched, the vulnerability in the code-hosting platform could let threat actors run malicious code in pipeline jobs and access sensitive information ...
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left ...
Techstrong Research: Combatting CI/CD Security Anti-Patterns
Techstrong Research finds the imperative to secure the software supply chain and CI/CD pipelines is undeniable and urgent ...
Checkmarx Report Details Havoc Caused by ‘Everything’ Package on NPM Registry
A Checkmarx report details an 'Everything' package distributed via the NPM registry that cripples any machine that attempts to install it ...
GitGuardian Adds Tool for Discovering Secrets in Public Repositories
GitGuardian added a tool that lets DevOps teams search public GitHub repositories to determine whether their organization's secrets have inadvertently found their way into other applications ...
Summit Highlights Open Source Software Security Progress
The OpenSSF hosted its Secure Open Source Software (SOSS) Summit 2023, at which it published a Secure Open Source Software Vision Brief 2023 ...
Stop Leaking Secrets!
All too often, software teams get tangled in tooling and workflow complexity and inadvertently leave secrets exposed in both private and public software repositories ...
I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
With the downward pressure of a global recession, inflation and general post-pandemic turbulence underpinning disruption to multiple facets of life, it seems only fair that we in the IT, software and security ...
The Role of SBOMs in Software Supply Chain Security
The software supply chain has become increasingly complex and dynamic with the rise of cloud computing, open source software and third-party software components and APIs. Widespread damage can occur if third-party APIs, ...
Despite DevOps, Software Supply Chain Security Challenges Persist
A survey of 397 IT, cybersecurity and application development professionals conducted by Enterprise Strategy Group (ESG) found that while most respondents work for organizations that have adopted DevOps practices, multiple software supply ...
ReversingLabs: Increased Focus on Software Supply Chain Security
A global survey of 300 executives, technology and security professionals found that software containing vulnerabilities (82%), followed by secrets leaked through source code (55%), malicious code (52%) and suspicious code (46%), posed ...
How DevSecOps Addresses Supply Chain Security
“The absence of security in the initial stages of system engineering is the single most significant cybersecurity gap and risk in modern system development.” This quote from tech entrepreneur Linda Rawson is ...