%term

What's New with JFrog Xray and DevSecOps

May 11, 2021 By Paul Garden In JFrog

As we look to improve the quality and capabilities of the JFrog DevOps Platform, especially in the world of DevSecOps, we have added powerful new features to further enhance the award-winning JFrog Xray. The capabilities detailed below cement Xray’s position as a universal software composition analysis (SCA) solution trusted by developers and DevSecOps teams globally to quickly and continuously identify open source software vulnerabilities and license compliance violations.

Read Post

JFrog

Read more about What's New with JFrog Xray and DevSecOps

Trend Micro launches Cloud One Open Source Security powered by Snyk

May 10, 2021 By Geva Solomonovich In Snyk

Last summer, we announced our plan to expand our partnership with Trend Micro to provide security operations teams visibility and tracking of vulnerabilities and license risks in open source components. The long-standing partnership already includes container image security scanning that leverages Snyk’s proprietary vulnerability database.

Read Post

Snyk

Read more about Trend Micro launches Cloud One Open Source Security powered by Snyk

Hack my misconfigured Kubernetes at Kubecon Europe

May 10, 2021 By Snyk In Snyk

In the last few years, we’ve seen more and more responsibilities shift left – to development teams. With the widespread adoption of Kubernetes, we’re now seeing configurations become a developer issue first and foremost. This responsibility means that developers need to be aware of the security risks involved in their configurations.

View Video

Snyk

Read more about Hack my misconfigured Kubernetes at Kubecon Europe

The State of Infrastructure as Code Security at Kubecon Europe

May 10, 2021 By Snyk In Snyk

The adoption of infrastructure-as-code and configuration-as-code is soaring with the rising popularity of technologies like Kubernetes and Terraform. This means that designing and deploying infrastructure is a developer task, even if your “developer” is an infrastructure architect, and, just like application code, configurations can use test-driven methodologies to automate security prior to deployment.

View Video

Snyk

Read more about The State of Infrastructure as Code Security at Kubecon Europe

Secure access to web applications & RESTful APIs with Teleport Application Access

May 10, 2021 By Teleport In Teleport

https://goteleport.com/resources/videos/application-access/

Docs: https://goteleport.com/docs/application-access/introduction/

0:00 Introduction
13:29 Demo

View Video

Teleport

Read more about Secure access to web applications & RESTful APIs with Teleport Application Access

SuiteCRM: PHAR deserialization vulnerability to code execution

May 7, 2021 By Sam Sanoop In Snyk

SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.

Read Post

Snyk

Read more about SuiteCRM: PHAR deserialization vulnerability to code execution

Snyk Code is now available for free

May 6, 2021 By Frank Fischer In Snyk

Snyk’s mission is to empower developers and DevOps teams to secure their applications. As part of that security mission, Snyk offers a Free plan for Snyk Open Source, Snyk Container, and Snyk Infrastructure as Code, so all developers can code securely. Today, we’re excited to announce that Snyk Code is now available for free as well.

Read Post

Snyk

Read more about Snyk Code is now available for free

Stranger Danger: Your Node.js Attack Surface Just Got Bigger

May 6, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Stranger Danger: Your Node.js Attack Surface Just Got Bigger

Pull Requests for Infrastructure Access

May 6, 2021 By Ev Kontsevoy In Teleport

Making frequent changes to cloud applications running in production is the de-facto standard. To minimize errors, engineers use CI/CD automation, techniques like code reviews, green-blue deployments and others. Git pull requests often serve as a foundational component for triggering code reviews, Slack notifications, and subsequent automation such as testing and deployments. This automated process enforces peer reviews and creates enough visibility to minimize human error.

Read Post