Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


How to Start Your Journey as a Product Owner

The gap between Product Managers (PMs) and R&D managers has existed since the beginning of the software industry. The PM wants to create the perfect product for their users, add shiny new features all the time, and support as many types of users as possible – while still maintaining a product that is well suited to them. PMs want to move fast. Devs, on the other hand, want to close tech debt, maintain a stable, secure, and robust system, and test every change extensively.

Building a secure CI/CD pipeline with GitHub Actions

GitHub Actions has made it easier than ever to build a secure continuous integration and continuous delivery (CI/CD) pipeline for your GitHub projects. By integrating your CI/CD pipeline and GitHub repository, GitHub Actions allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository or deploy merged pull requests to production.

What have we learned from scanning over 10,000 Kubernetes clusters with Kubescape?

With Kubernetes adoption continuing to rise, we've seen multiple studies add to the growing body of research for enterprise K8s deployments this past year. Companies leveraging managed services and packaged platforms drive much of the continued growth in adoption. An annual study conducted by the Cloud Native Computing Foundation (CNCF) found that 96% of organizations surveyed are either using or evaluating K8s currently.

Vulnerability Validation Increases Efficiency in DevSecOps

This is the second installment in a series about making DevSecOps work in your organization. In a previous post, we covered the first pillar of the DevSecOps model—discovery. In this post we discuss the second, which is validation. The reason this phase is so important to the DevSecOps model and for successful vulnerability management is that it’s the point where the software flaws that represent true risks are separated out from those that are not serious security risks.

Monitoring in Post Production

Our lives revolve around measuring things on a daily basis. Comparisons between today and yesterday, between different resources – a bevy of factors. On average, a person makes about 35,000 decisions a day, and many of these require comparison tools to make the right decision. Technological advances today are faster than ever, and as a result, devices and other assets are rapidly improving.

SSH Certificates: How Do OpenSSH Certificates Compare to X.509?

X.509 is the first thing that comes to mind when discussing digital certificates. After all, it is the most widely used digital certificate in the PKI ecosystem and is the core component of SSL/TLS protocols, the technology that powers HTTPS. X.509 was first released on 25 November 1988 and is powerful, extensible and widely supported. But it's not the only certificate format available out there. For example, the popular email encryption program PGP uses a custom certificate format instead of X.509.

The SBOM of the Future Must Be Dynamic

Companies are increasingly turning to a Software Bill of Materials (SBOM) to provide them with information about what is in their individual software environment. SBOMs have already shown promising results. In a study from the Linux Foundation, over 44% of respondents said that an SBOM improves some aspects of their development processes.