Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

indusface

Why CI/CD Security Scanning Is Non-Negotiable in Modern DevSecOps

May 8, 2025 By Vinugayathri Chinnasamy In Indusface
In the race to deliver software faster and more frequently, Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern DevOps workflows. But with this speed comes a critical trade-off — security. Integrating security checks into your CI/CD pipeline is no longer optional; it’s a necessity. This is where CI/CD security scanning steps in.
Read Post
ioncube24

Best Practices for Using ionCube Encoder in CI/CD Pipelines

Apr 30, 2025 By Ben In ionCube24
With the growing adoption of automated build pipelines, the ionCube Encoder CI Edition offers a tailored solution for developers needing flexible, temporary machine licensing within their CI/CD workflows. The CI Edition is ideal for use in ephemeral environments like Docker containers or cloud-based runners, allowing encoding operations to occur seamlessly as part of your integration process. If you’re not yet familiar with this product, our FAQ entry provides a concise overview.
Read Post
sumologic

Secure your CI/CD pipelines from supply chain attacks with Sumo Logic's Cloud SIEM rules

Mar 20, 2025 By Dan Kaiser In Sumo Logic
Supply chain attacks, particularly those targeting continuous integration/continuous delivery (CI/CD) pipelines, are on the rise. It’s easy to think of these attacks as something that only happens to others, but the reality is that your organization is part of the supply chain too. Whether your company develops software for internal use, offers it as part of a service to your customers, or sells it as a product, you’re exposed.
Read Post

Yonit Gruber-Hazani: Securing the Pipeline: Remediating CI/CD Vulnerabilities with SLSA | DevSecNext

Mar 19, 2025 By Jit In Jit
Software supply chain attacks are on the rise, exploiting gaps in CI/CD pipelines to introduce malicious code. In this talk, Yonit Gruber-Hazani dives deep into common CI/CD vulnerabilities and how to mitigate them using the SLSA (Supply-chain Levels for Software Artifacts) framework. This talk was recorded at DevSecNext, a community-driven event reimagining how we share security insights—short, to the point, and packed with actionable takeaways.
View Video
securitysenses

Application Packaging Services vs. In-House Packaging: What's Right for You?

Mar 17, 2025 By SecuritySenses In SecuritySenses
Should you perform in-house packaging or use application packaging services? Obviously, both options have their pros and cons. It always comes down to your requirements, expectations, but also deadlines and other factors. In many cases, app packaging services tend to be quicker, however there are still many companies that go for in-house packaging because they already have that system in place and set up correctly.
Read Post
securitysenses

Testing Authorization Policies in CI/CD Environments: Best Practices

Feb 14, 2025 By SecuritySenses In SecuritySenses
When you're nearing bringing a new update to production, you may rather not want to realize that everyone and anyone has complete open access to sensitive data, just before you're about to deliver the update. Misconfiguring or properly not configuring an authorization policy could lead to a scenario just like that. Things move fast in the CI/CD environment, with code changes and constant deployments, so it's not hard to see how a security mistake can slip under the radar. But when it does, you can expect security breaches, regulatory violations, and huge losses, are swiftly follow. And you definitely want to prevent those.
Read Post
Spectral

Secure Your CI/CD Pipelines: 7 Best Practices You Can't Ignore

Feb 12, 2025 By Eyal Katz In Spectral
What’s the difference between an unsupervised toddler with markers and an unsecured CI/CD pipeline? Both look fine at first, but chaos is inevitable. While a toddler might scribble on walls, an unsecured pipeline invites attackers to wreak havoc on your digital assets. Cleaning up after either is tough—prevention is smarter. The CrowdStrike 2024 report reveals that cloud-conscious intrusions skyrocketed by 110% in 2023.
Read Post
sysdig

How to secure every stage of the CI/CD pipeline with Sysdig

Dec 12, 2024 By Marla Rosner In Sysdig
Securing operations in the cloud can seem daunting. To protect your organization, you need to have the proper preventative and reactive safeguards in place at every step of the software development cycle. But it doesn’t have to be as complex as it sounds. This blog outlines how to secure the entire software development lifecycle, emphasizing the “shift left” approach, which aims to catch vulnerabilities and issues early in the development process to reduce both risks and costs.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.