Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At Elastic, we believe in the power of open source and understand the importance of community. By putting the community first, we ensure that we create the best possible product for our users. With Elastic Security, two of our core objectives are to stop threats at scale and arm every analyst. Today, we’re opening up a new GitHub repository, elastic/detection-rules, to work alongside the security community, stopping threats at a greater scale.

Waterfall. Agile. Scrum. Kanban. Lean. These words are often thrown around when talking about the software development life cycle (SDLC), but what do they mean and how do they relate to each other? In this blog, we’ll take a look at the evolution of the software development life cycle and consider several current trends.

We are excited to announce the immediate availability of WhiteSource’s new attribution report. Our attribution report gives you insight into the compliance requirements of your open source components, including detailed data on your licenses, copyrights, and notices. WhiteSource’s new attribution report features numerous enhancements to the overall user experience.

SCP? It’s that handy file-transfer feature of SSH, right? Well, not quite. It’s more of a hack. Or an undocumented, unstandardized mashup of two protocols. Let’s look at the exciting (and scary) details. Secure Copy Protocol (SCP) allows us to move files (and directories) between two computers. Using it is straightforward: This will copy local_file.txt to another computer (usually a server) with domain name remote_host into the /home directory.

We recently surveyed the Open Policy Agent (OPA) community to gauge use case adoption, pain points and generally help guide the project. The recent survey results reflect how much the community has grown over the past year. This time we received 204 responses from over 150 organizations across North America, Europe, Asia, Australia and Africa. Over 90% of respondents indicated they are in some stage of OPA adoption (e.g., pre-production, production, etc.).

Continuous integration/continuous delivery, more commonly known as CI/CD, promises to help software companies become more agile by delivering software faster and more reliably. The goal of CI/CD is to reduce software development and delivery timelines from months or weeks down to days or even hours. It does this by pushing frequent updates and fixes regardless of size and using automation tools to help the process run smoothly.

It’s time for June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities. In hopes of giving you this month-at-a-glance summary of current trends in the open source ecosystem, our trusted research team reviewed the new open source security vulnerabilities published in May and collected by the WhiteSource database.