Episode 1: DevSecOps Coffee Break Series Add OSS Security & Compliance to Artifactory
Introduction to JFrog Xray and how to reduce vulnerability and license risks of the open source and 3rd party dependencies you rely on.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Episode 2: DevSecOps Coffee Break Series | Creation of Your Software Bill Of Materials SBOM
Learn what an SBOM is, how it will benefit you, which misconceptions exist around it, and why it must be a key element of your SDLC security and compliance process.
Episode 4: DevSecOps Coffee Break Series | 'Shift Left' Security With A Developer Centric Approach
Learn best practices to immediately “shift left” in your Cl/CD process and fix vulnerabilities before they move into the next stage of your SDLC.
Episode 5: DevSecOps Coffee Break Series | If JFrog is Good Enough For The Government, Why Not You
JFrog Artifactory and JFrog Xray achieved Iron Bank Certification - see how they can improve your SDLC security posture with the JFrog Platform.
Episode 3: DevSecOps Coffee Break Series | Securing Your Software Supply Chain
Learn how you can protect your software development lifecycle (SDLC) from supply chain attacks, and ensure the software you deliver to your employees and your customers is safe.
LimaCharlie & Atomic Red Team Enable a DevOps Approach to Cybersecurity
Engineering is both an art and a science. It requires creative thinking but is bounded by a rigidity which enables measurement and progress. We can only see so far because we stand on the shoulders of giants… and because those giants kept really good notes. Cybersecurity is growing up and it has to. Cyber is no longer the domain of shadowy figures in hoodie sweatshirts, it now has a presence in the C-suite.
How to Pass a FedRAMP Audit for SaaS Providers: Part 1
You work at a SaaS provider, and now you need to pass a FedRAMP audit. If that describes you, read on. This post will tell you (almost) everything you need to know about how to pass a FedRAMP Audit. For the rest, reach out to us. We will put you in touch with one of our Solution Engineers like me who have helped some of the largest SaaS providers in the world pass their FedRAMP audit prior or after IPOing. It’s what we do.
Kubernetes version 1.23 is out - everything you should know
Kubernetes’ last release for the year v1..23 will be released next week Tuesday, December 7, 2021 The Christmas edition of Kubernetes comes with 45 new enhancements to make it more mature, secure, and scalable. In this blog, we’ll focus on the critical changes grouped into the Kubernetes API, containers and infrastructure, storage, networking, and security. Let's start with the “face of Kubernetes”, which makes it scalable and expandable.
Java JSON deserialization problems with the Jackson ObjectMapper
In a previous blog post, we took a look at Java’s custom serialization platform and what the security implications are. And more recently, I wrote about how improvements in Java 17 can help you prevent insecure deserialization. However, nowadays, people aren’t as dependent on Java’s custom serialization, opting instead to use JSON. JSON is the most widespread format for data serialization, it is human readable and not specific to Java.
Automating Container Runtime Security Scanning with Snyk
So you’re running microservices in containers? Congratulations! This is an important step towards meeting those business needs around delivering applications to the hands of your customers as soon as possible. But how can we mitigate any potential risks associated with faster software deployment while running on Kubernetes? Simple, with Snyk’s Kubernetes integration we can identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Watch this video to find out how!