Snyk Customer Story - Expel
Hear from Sam Brown, Principal DevSecOps Engineer at Expel, on how Snyk helps Expel build security into their engineering processes.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Do We Still Need a Bastion?
There is a growing discussion among network engineers, DevOps teams, and security professionals about the security benefits of bastions. Many assume that they are the “old way” of network access and have little relevance in the modern cloud native stack. These speculations are not irrelevant as in recent years, the corporate IT network perimeter as we knew it is diminishing, and the concept has been shifted to data, identity, and compute perimeter.
Policy Bundle Registry for Styra DAS Enterprise
One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.
Snyk Code CLI support now in public beta
Snyk is on the mission to make Static Application Security Testing (SAST) tools work for developers throughout the DevOps pipeline. Snyk Code scans in real time with high accuracy — and it does it right from the tools and workflows developers are already using. For example, the IDE plugins for IntelliJ, PyCharm, WebStorm, and Visual Studio Code make it easy to code, scan and fix even before code hits the version management.
Five takeaways from my first year at Styra, the founders of Open Policy Agent
It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source! I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.
The Tokenised Auth
Authentication can sound simple. It's just a login form and a couple of database columns, right? Why would you need a separate identity platform to solve this? You've probably heard that you shouldn't roll your own crypto, or payments. Well, add authentication to that list. Ben Dechrai joins us to discuss the aspects of good authentication, from tokenisation to multi-factor, and dives into a few features of Auth0 that help you customise, extend, and personalise your users' experience.
DevSecOps Road Trip Germany stop - Sven Ruppert & Mathias Conradt
Session 1: Polyglot apps lead to polyglot security holes. It's time to fight back!
How To Use Teleport: Using GitHub for Single Sign On (SSO)
How to setup Teleport to use Github Teams to provide access to your infrastructure. This guide explains how to set up Github SSO with Open Source, Enterprise Teleport, self-hosted or cloud.
Anatomy of a Cloud Infrastructure Attack via a Pull Request
In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.
CloudFabrix is Recognized as a AIOps Leader and Fast Moving Innovator in GigaOm 2021 AIOps Radar Report
Recognized for strong AI/ML and innovative Robotic Data Automation (RDA) capabilities.