Artifactory Integration - Supply Chain Defender
This video in the series describes how Mend can integrate with Artifactory to detect and block malicious packages before they are downloaded.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Using Longhorn v1.3 CSI Snapshots for Backup and Recovery
With the release of Longhorn v1.3.0, CloudCasa by Catalogic is happy to announce that it fully supports the backup and recovery of Longhorn persistent volumes (PVs) on Kubernetes clusters. While previous versions of Longhorn supported volume snapshots and the CSI interface, Longhorn v1.3 introduced full support for the CSI snapshot interface so it can now be used to trigger volume snapshots in a cluster.
Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?
The NVD defines one of the usages of CVSS as “a factor in prioritization of vulnerability remediation” and it is the current de-facto vulnerability metric, often seen as infallible guidance and a crucial element in many compliance processes. In our session we will go over real-world CVE examples, demonstrating cases and entire categories where CVSSv3.1 falls short of providing an accurate assessment, both due to its design and its various mishandlings. The session will also touch upon specific indicators in the CVE description that can raise the confidence in a CVSS score, and vice versa.
Untangle the Secrets of your JavaScript Dependencies
In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.
Learn How to Get Started with Snyk in Less Than 1 Minute | Fast and Free
Getting started with Snyk is fast and free. Nope, it's not a free trial. It's a free tier that you can use for personal projects or for work!
A Day in The Life of a Food Giant CISO - Sherif Mansour
During this live stream we had a conversation with the director of Information Security at Just Eat Takeaway Sherif Mansour, where we explored his day-to-day activities and how Snyk's products help him to perform his role.
Securing Your Snowflake Database with Teleport Database Access
Picture this: unfortunately you had to let one of your engineers go. No matter how many times you tried to tell them, after countless interventions and meetings with the engineering lead, they simply wouldn’t stop using tabs instead of spaces. An absolutely unforgivable offense. A few weeks later, suddenly your production Snowflake database is wiped out. You log on to assess the damages and you check the SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY for every user in the system.
#DevOpsSpeakeasy at #KubeCon EU 2022 with Tom Granot on Developer -Native Observability
In this interview Tom walked us through the importance of devloper native observability and how it can be easily obtained with Lightrun.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
Mend API Helps Make SBOMs Simple
The proliferation of third-party software components such as open source software(OSS) has triggered a growing need to keep track of it all. Why? Because when security vulnerabilities inevitably crop up in open source components, it’s pretty important to know whether your company uses that piece of code – or whether it appears in the myriad software dependencies inherent in open source.