Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Git

Building a secure CI/CD pipeline with GitHub Actions

GitHub Actions has made it easier than ever to build a secure continuous integration and continuous delivery (CI/CD) pipeline for your GitHub projects. By integrating your CI/CD pipeline and GitHub repository, GitHub Actions allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository or deploy merged pull requests to production.

3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security

Developers love GitHub. It’s the biggest and most powerful collaboration platform that programmers, developers, and companies use to develop and maintain their software. It’s the biggest source code host with more than 200 million repositories. And it keeps growing. In 2021, more than 73 million developers used GitHub. It gained over 16 million new users in 2021 alone, and GitHub estimates that user numbers will increase to 100 million developers in the next five years.

GitHub Supply Chain Attacks Highlight the Urgency of Zero Trust SaaS Data Security

In early April, the tech industry witnessed a major GitHub security incident targeting GitHub organizations using Heroku and Travis CI. GitHub was made aware of this threat via an attack leveraging AWS API keys to GitHub’s own npm production infrastructure. As upstream security risks within SaaS platforms become more common, organizations that leverage these platforms are relying on tools like Nightfall to protect themselves.

FROGBOT : Securing your git repository!

Frogbot scans every pull request created for security vulnerabilities with JFrog Xray. With Frogbot installed, you can make sure that new pull requests don’t add new security vulnerabilities to your code base alongside them. If they do, the creator of the pull request has the opportunity to change the code before it is merged. Frogbot reports its findings directly in the git UI. It simply adds a comment with its findings. You can think of Frogbot as your new team member, keeping your code safe.

Bearer in your CI/CD with our GitHub Action

Bearer is a Static Application Security Testing (SAST) tool that enables security and engineering teams to identify and mitigate data security risks throughout the software development lifecycle. It integrates with Source Code Management (SCM) software (see Git repository integrations for more details) to scan your code repositories, discover and classify data flows, and detect gaps with your data security policy.

Secure It. Ship It. 5 Critical Steps to Release Secure Products Faster

For the month of April, we are kicking off a series of posts here at Rezilion to celebrate our new partnership with GitLab. Our theme is: Secure it. Ship it. Why? Because the GitLab CI and Rezilion partnership is the answer to meet the needs and demands of modern developers and security teams who want to both innovate quickly and ensure the products they create are secure.

GitLab Password Security Vulnerability - CVE-2022-1162

On Thursday, March 31, 2022, GitLab released an advisory for a critical password security vulnerability in GitLab Community and Enterprise products tracked as CVE-2022-1162. GitLab is DevOps software that combines the ability to develop, secure, and operate software in a single application. The exploitation of CVE-2022-1162 can allow a threat actor to guess a hard-coded password for any GitLab account with relative ease.

Export and Distribute SBOMs Directly From Your Git Repositories

Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev For many, Software Bill of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.

Rezilion Announces Integration With GitLab That Helps Organizations Reduce Vulnerability Backlog by 70%

Rezilion announced today an integration with GitLab, the DevOps Platform, that enhances developers' ability to release secure software products faster. Deployed in minutes, this native integration with GitLab CI eliminates an organization's vulnerability backlog by 70% and reduces remediation from months to days while addressing 100% of exploitable risk.