Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CI CD

DevOps Speakeasy with Brett Smith

We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
Snyk

8 tips for securing your CI/CD pipeline with Snyk

Securing your CI/CD pipeline is critical to modern application security. So, we created a cheat sheet to make the process easier. In this post, we’ll cover using Snyk in your CI/CD pipelines to catch security issues quickly and empower your developers to fix them before they get to production.

Snyk

How to strengthen security in your CI/CD pipeline

DevSecOps refers to the integration of security practices into DevOps process. With modern development cycles, you can't afford to leave security until the end. It should be baked in at every stage. Continuous integration, continuous delivery (CI/CD) security is a big part of the DevSecOps picture. It's critical that you secure your pipelines and that the automated systems used to implement CI/CD are not vulnerable to attack.

Bionic.ai

CI/CD Killed the Manual Code Review

Sean Wright is a veteran application security engineer with software development roots. Within security, he has a particular interest in TLS encryption and supply chain attacks. He believes security teams must be business enablers with a focus on efficiency. I had the pleasure of hosting Sean on this week’s episode of Champions of Security. Here’s the full episode and the key takeaways from our conversation.

Snyk

Building a security-conscious CI/CD pipeline

Continuous integration (CI) and continuous delivery (CD) has become a ubiquitous practice for DevOps teams. The CI/CD process focuses on building and deploying new applications or releasing updates to already-deployed workloads. As a result, most CI/CD efforts focus on enhancing development speeds. However, CI/CD practices can accomplish much more than enabling workload deployments.

1Password

Securing CI/CD pipelines with 1Password Service Accounts

Attention developers and DevOps teams! Today we’re excited to announce that 1Password Service Accounts are now generally available to all users. Whether you’re a growing startup, a thriving mid-size company, or a sprawling enterprise, service accounts offer a secure, automated way to access infrastructure secrets exactly where they’re needed.

gitguardian

How to Secure Your CI/CD Pipelines with GitGuardian Honeytokens

Discover how honeytokens, digital decoys designed to detect unauthorized access, can strengthen the security of your CI/CD pipelines. In this guide, we offer step-by-step instructions for integrating them into popular pipelines like Jenkins, GitLab, and AWS CodePipeline.