DevOps

Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

Apr 5, 2022 By Mend In Mend

WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. WhiteSourceSoftware.com

View Video

Mend

Read more about Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Apr 5, 2022 By Michal Brutvan In Snyk

We’re happy to announce the general availability of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source library dependencies. 2:21

Read Post

Snyk

Read more about Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Sysdig and Snyk: Complete Container Security (Demo)

Apr 5, 2022 By Snyk In Snyk

In this demo video, learn about how you can achieve end-to-end container security through Snyk and Sysdig's partnership.

View Video

Snyk

Read more about Sysdig and Snyk: Complete Container Security (Demo)

Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Apr 5, 2022 By Ori Bach EVP of Product In Mend

With more than 38 percent of our customers impacted by the recently discovered Spring4 Shell zero-day vulnerability and more than 33 percent of impacted organizations having already remediated (removed) some or all their vulnerable libraries, I have been involved in many conversations over this incident.

Read Post

Mend

Read more about Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Setting Up an SSH Bastion Host

Apr 4, 2022 By Ev Kontsevoy In Teleport

What is an SSH bastion and how is this different from an SSH jump server or an SSH proxy? In this post, we’ll answer this question and will show you how to set it up using two popular open source projects. Both Teleport and OpenSSH support bastions, and they are extremely similar as they are both single-binary Linux daemons. Both require a simple configuration file usually stored somewhere under /etc/.

Read Post

Teleport

Read more about Setting Up an SSH Bastion Host

Developer-First Security in Atlassian Bitbucket Cloud, Bitbucket Pipelines, and Jira with Snyk

Apr 2, 2022 By Snyk In Snyk

Find, prioritize and fix security vulnerabilities in your open source dependencies and container images throughout your development workflow – all without leaving Atlassian Bitbucket Cloud, Bitbucket Pipelines, or Jira.

View Video

Snyk

Read more about Developer-First Security in Atlassian Bitbucket Cloud, Bitbucket Pipelines, and Jira with Snyk

What's Next for Log4j: Tales from the Trenches

Apr 1, 2022 By Rezilion In Rezilion

The recently discovered flaw in Apache’s popular open source logging library for Java, Log4j, could wreak havoc for years to come. Analysts are predicting it could take as long as five years to finish patching related security flaws because of the widespread adoption of the logging library and the complexity involved in maintaining third-party software libraries.

Read Post

Rezilion

Read more about What's Next for Log4j: Tales from the Trenches

Browsers tormented by open roll vulnerability

Apr 1, 2022 By Kyle Suero, Aviad Hahami In Snyk

“Never click unexpected links!” Ever hear someone yell this? Virtually every person in tech has a healthy suspicion of random links; it is for a good reason. Every now and then there are huge leaks from industry leaders as a result of a targeted campaign. One of the most reliable ways to “phish” someone, or exfiltrate their credentials, is to abuse an open redirect vulnerability in a safe-looking website and redirect the victims to a malicious one.

Read Post

Snyk

Read more about Browsers tormented by open roll vulnerability

Automated Software Supply Chain Attacks: Should You be Worried?

Apr 1, 2022 By Tamir Ben Ari In Mend

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.

Read Post

Mend

Read more about Automated Software Supply Chain Attacks: Should You be Worried?

The DevOps Guide To Vulnerability Management Tools In 2021

Apr 1, 2022 By Spectral

Imagine you are in charge of maintaining data for some of the most secretive government offices and powerful business entities globally. You have a significant investment in your security apparatuses protecting that knowledge. For years you haven't had a single blip or incident to cause any suspicion. Then the unthinkable happens, and from a single weak point, your entire network is compromised by malicious code hidden in an innocuous update.

Get EBook

Spectral

Read more about The DevOps Guide To Vulnerability Management Tools In 2021

Subscribe to DevOps

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Sysdig and Snyk: Complete Container Security (Demo)

Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation

Setting Up an SSH Bastion Host

Developer-First Security in Atlassian Bitbucket Cloud, Bitbucket Pipelines, and Jira with Snyk

What's Next for Log4j: Tales from the Trenches

Browsers tormented by open roll vulnerability

Automated Software Supply Chain Attacks: Should You be Worried?

The DevOps Guide To Vulnerability Management Tools In 2021

Monthly Archive

Follow Us