A new generation of OTA updates for Linux devices with Jfrog Connect
Discover how you can update, control, monitor and secure remote Linux & IoT devices, at scale, with the click of a button.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Why You Should Get Started with the Rego Policy Language
The Rego policy language is the backbone of Open Policy Agent (OPA), the policy enforcement tool that helps simplify cloud-native development at scale. With OPA Rego policy, the result is a reduced manual authorization burden, improved accuracy, and quicker time to market. But yes, there’s a learning curve, which makes Rego a main barrier to using OPA. You might be hesitant about the time investment needed to learn a new, highly specified language.
New Integrations Just Announced: CircleCI and Travis CI
Since working on a spreadsheet, you and your team have come a long way. You’re enjoying the ease of working in TrustOps because it automates control mapping, test creation, and evidence workflows. However, you’re looking for ways to save a bit more time, so you can focus on your day job and growing list of priorities. Collecting evidence to validate compliance controls takes time and affects your team’s productivity, including HR, IT, and DevOps.
Kubernetes version 1.25 - everything you should know
Kubernetes' new version - version 1.25 - will be released on Tuesday 23rd August 2022, and it comes with 40 new enhancements in various areas and numerous bug fixes. This blog will focus on the highlighted changes from each special interest group (SIG) in the upcoming release and ensure you are confident before upgrading your clusters.
Group Policy Guide for Baseline Hardening
A safe and secure environment is prioritized by every type of organization and configuring some basic Group Policy Settings properly, can help in achieving this task. Also, by using Group Policies correctly a user’s computer can be protected from threats and breaches.
Vulns Unleashed: Dompdf
During this live stream, we explored the vulnerability known as Dompdf. We looked at what DomPDF is, how DomPDF makes your applications vulnerable, and most importantly what you can do to protect yourself.
Code repository scanning & Container image registry scanning with Kubescape
New exciting Kubescape features have recently landed - Code repository scanning & Container image registry scanning! By enhancing Kubescape's security posture capabilities, you will be able to embed security even earlier in the SDLC (Software Development Lifecycle) and in a broader range of places in your CI/CD pipeline.
Mining Malware History for Clues on Malicious Package Innovation
Malware has come a long way since it first made the scene in the late 1990s, with news of viruses infecting random personal computers worldwide. These days, of course, attackers have moved beyond these humble roots. Now they deploy a variety of innovative techniques to extract large amounts of money from businesses around the world. A similar development is taking place with malware’s upstart cousin – the emergence of malicious packages being uploaded to package registries.
The One-Stop Kubernetes Security Checklist
Securing your Kubernetes environments may seem daunting at first, given how many different parts must be individually protected. Still, with the proper organization, you can make Kubernetes security much simpler and more effective. We’ve put together a complete Kubernetes security checklist of best practices and security recommendations to help you keep track of your progress. To make this a little easier, we’ve divided this checklist into the following sections.
Why You Need to Ditch Passwords, Private Keys, and All Other Forms of Secrets
Despite the steady drumbeat of news stories on security breaches caused by compromised credentials, 70% of teams still use secrets such as private keys or passwords to grant infrastructure access. In this webinar, we’ll cover why all forms of secrets are bad for you and your business, and why MFA is not good enough. We'll cover how the adoption of Passwordless Authentication and related hardware technologies like TPMs and HSMs fix a slew of problems, including making phishing attacks a thing of the past.