Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

2023 Kubernetes vulnerabilities roundup

Dec 28, 2023 By Ben Hirschberg In ARMO
Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The Common Vulnerabilities and Exposures (CVE) database serves as a valuable resource, offering insights into known weaknesses even when fixes are unavailable. This empowers organizations to make informed decisions about prioritizing mitigation strategies and protecting their systems.
Read Post

GitGuardian - Your code security platform

Dec 22, 2023 By GitGuardian In GitGuardian
In an era where digital security is paramount, GitGuardian stands as your ultimate code security solution. Presented by Mackenzie Jackson, a Developer Advocate at GitGuardian, this video unveils the platform's cutting-edge features designed to bolster your software supply chain. GitGuardian is your comprehensive safeguard, exposing and protecting critical assets across your supply chain. From Secrets Detection to Infra as Code Security and the powerful Honeytoken, this platform equips you to proactively secure your code.
View Video

Check if your secrets have leaked on GitHub - Has My Secret Leaked Demo

Dec 22, 2023 By GitGuardian In GitGuardian
Since 2017 GitGuardian has been monitoring all public activity on GitHub. Now in a new product called Has My Secret Leaked you can check if your secrets on GitHub. In this video, Mackenzie runs through how to use both the web interface and CLI tool GGShield to check if your secrets have ever been exposed on GitHub, regardless of if they have since been deleted. Has My Secret Leaked is a service that will first create a secure hash of your secret locally then match it to other hashes in the GitGuardian database.
View Video
mend

The Challenges for License Compliance and Copyright with AI

Dec 21, 2023 By Jeff Martin In Mend
So you want to use AI-generated code in your software or maybe your developers already are using it. Is it too risky? Large language model technology is progressing at rapid speeds, and policy makers are ill-equipped to catch up quickly. Anything resembling legal clarity may take years to come about. Some organizations are deciding not to use AI at all for code generation, while others are using it cautiously — but everyone has questions.
Read Post
armo

Vulnerability prioritization in Kubernetes: unpacking the complexity

Dec 21, 2023 By Oshrat Nir In ARMO
In the rapidly evolving world of container orchestration, developers have come to rely on Kubernetes to manage containerized applications. However, as Kubernetes adoption increases among organizations, ensuring the security of Kubernetes environments becomes essential. One particularly significant aspect to consider is vulnerability prioritization. It’s essential to understand that chasing after the highest CVSS scoring vulnerabilities might not always align with real-world threats.
Read Post
CalCom

Vulnerability Remediation for Servers: Beyond Just Patching

Dec 21, 2023 By John Gates In CalCom
To understand vulnerability remediation one must first understand remediation in cyber. Remediation refers to the process of addressing and resolving security vulnerabilities or incidents that could potentially pose a threat to an organization’s information systems, data, or network.
Read Post
armo

Under the hood of CVE patching

Dec 19, 2023 By Oshrat Nir In ARMO
Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching) to address security vulnerabilities. CVE patching is your shield against the threat of malicious actors exploiting such weaknesses and is of crucial importance for every organization’s cybersecurity. This post will cover the basics of CVE patching: the roles and stakeholders, the step-by-step process, and common mistakes to avoid.
Read Post
jfrog

N-Day Hijack: Analyzing the lifespan of package hijacking attacks

Dec 14, 2023 By Yair Mizrahi In JFrog

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case study conducted by our security research team, in an effort to trace the typical time before a package hijack is detected.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.