
DevOps

Snyk Hierarchy Best Practices - More than Groups and Orgs

What can startups and large enterprises have in common? Organizational structures that cause friction when bringing in and rolling out a new tool. If you are familiar with Snyk, you’ll know that Groups can hold many Organizations, and Organizations contain Projects. But it does not stop there: each node in the hierarchy carries its own reporting, access control, and security and license policy settings, so where a project sits determines who can see it and which policies apply to it.

Critical PaperCut Vulnerability CVE-2023-27350 Exploited by Threat Actors

In this blog post, we detail the PaperCut vulnerability CVE-2023-27350. On March 8th, PaperCut released new versions that contained security updates and addressed two recently discovered CVEs, CVE-2023-27351 and CVE-2023-27350. Today, we will focus on CVE-2023-27350, which was reported by the Zero Day Initiative (ZDI-23-233). This vulnerability is a critical, unauthenticated remote code execution flaw in PaperCut MF and NG with a CVSS base score of 9.8.

Dependency Management: A Guide and 3 Tips to Keep You Sane

Managing dependencies is not for the faint of heart. For a single project, you may be able to keep up with dependencies on your own. For software codebases with hundreds of modules, however, even the most seasoned developer will quickly descend into dependency hell. Don’t worry: dependency hell has happened to the best of us! There are some things you can do to keep yourself sane and improve application security.

Protecting the supply chain in 2023 - Interview with Feross Aboukhadijeh

Feross Aboukhadijeh, CEO of Socket, shares his thoughts on why the software supply chain is the biggest risk for 2023 and how we can secure it. This interview was part of an entire episode of The Security Repo podcast dedicated to insights from the 2023 RSA conference.

4 things to identify and fix in your GPOs

Group Policy Objects (GPOs) act as a security layer in your infrastructure. They enforce rules, regulate permissions, and affect policies across the network. Do you want to assign additional privileges to certain groups? Delete a security group? Modify password policies across the network? Prevent software installations on critical systems? All of these and more can be accomplished using GPOs.
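Because GPOs carry that much authority, the first thing to check is who can change them and whether stale ones are still lying around. The script below is an added example, not code from the post (which does not list its four items here), and it assumes the RSAT GroupPolicy module on a domain-joined machine with rights to read every GPO; the list of "broad" principals is an assumption you should adjust to your domain.

```powershell
# Added example (not from the post): audit GPOs for two common findings,
# (1) GPOs that are not linked to any site, domain or OU, and
# (2) GPOs that broad principals can edit or take ownership of.
# Assumes the RSAT GroupPolicy module and a domain-joined session that can read all GPOs.
Import-Module GroupPolicy

# Assumed list of principals that should never hold edit rights on a GPO; tune for your domain.
$broadPrincipals  = @('Authenticated Users', 'Domain Users', 'Domain Computers', 'Everyone')
$riskyPermissions = @('GpoEdit', 'GpoEditDeleteModifySecurity')

$findings = foreach ($gpo in Get-GPO -All) {
    # Link status comes from the XML report: an unlinked GPO has no <LinksTo> elements.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo)
    if ($links.Count -eq 0) {
        [pscustomobject]@{
            GPO    = $gpo.DisplayName
            Issue  = 'Unlinked GPO'
            Detail = 'Not linked to any site, domain or OU; review and delete or link it'
        }
    }

    # Delegation: who is allowed to change the policy itself?
    foreach ($perm in Get-GPPermission -Guid $gpo.Id -All) {
        if (($broadPrincipals -contains $perm.Trustee.Name) -and
            ($riskyPermissions -contains $perm.Permission)) {
            [pscustomobject]@{
                GPO    = $gpo.DisplayName
                Issue  = 'Over-delegated GPO'
                Detail = "$($perm.Trustee.Name) has $($perm.Permission)"
            }
        }
    }
}

$findings | Sort-Object Issue, GPO | Format-Table -AutoSize

# Remediation for an over-delegated GPO (run deliberately, per finding):
# Set-GPPermission -Guid <gpo-guid> -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel None
# Note: Authenticated Users normally keeps GpoApply/GpoRead so the policy still applies; only edit-level rights are the problem.
```

Run it from an elevated PowerShell session; the output is one row per finding, and the commented Set-GPPermission line shows how to strip edit rights from a principal without touching the read and apply rights the GPO needs in order to be processed by clients.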

Software Composition Analysis Explained

Open source code is everywhere, and it needs to be managed to mitigate security risks. Developers are tasked with creating engaging and reliable applications faster than ever. To achieve this, they rely heavily on open source code to quickly add functionality to their proprietary software. With open source code making up an estimated 60-80% of proprietary applications’ code bases, managing it has become critical to reducing an organization’s security risk.

Kubescape & Jit

Kubescape is an open-source, end-to-end Kubernetes security tool created by ARMO and accepted as a CNCF sandbox project. It assesses the security posture of Kubernetes clusters, identifies security risks and misconfigurations that attackers could exploit, and provides automated assistance to remediate them. Kubescape was launched less than two years ago, in August 2021, and already has more than 8.3K stars on GitHub and over 100 open-source contributors.