Tag: CI/CD security
Novee Uncovers Cordyceps: The Latest Threat to CI/CD Pipelines
A newly discovered supply chain security flaw is once again putting a spotlight on inherent weaknesses in CI/CD pipelines and the growing interest among cyberthreat actors to exploit them. Security researchers with ...
Why Endpoint Protection Matters More than Ever in CI/CD Environments
CI/CD environments depend on far more than repositories and deployment infrastructure. Developer endpoints hold sensitive data: cloud credentials, SSH keys, deployment permissions, direct access to internal systems. Endpoint security and control are ...
Shift Left to the Developer’s Machine: Building Local Git Security GatesÂ
Shift left to the developer's machine. The principle is what matters: Stop secrets before they ship. The tooling is a means to that end. ...
Agentic DevSecOps: AI Security Co-Pilots for Your CI/CD PipelineÂ
The emergence of AI has brought endless possibilities and innovative opportunities in today’s ever-changing, fast-paced technology landscape. AI is helping development teams produce software significantly faster than ever before. AI-enabled DevSecOps tools ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
Your CI/CD Pipeline Has Non-Human Identities You Forgot About
A deployment starts failing late on a Friday evening. The initial assumption is that something changed in the application release. Teams start checking container images, Terraform plans and recent commits. Nothing looks ...
AI-Generated Apps Without DevOps: A Security Disaster Waiting to Happen
A small internal tool was built over a weekend. An engineer used an AI coding assistant to generate most of the backend. A simple interface was added, a few API calls were ...
AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk
AWS fixed webhook filter misconfigurations in CodeBuild that could have allowed unauthorized repository access. No customer impact or malicious code found ...
Build vs. Buy: What it Really Takes to Harden Your Software Supply ChainÂ
When it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
The DevSecOps Career Path: What No One Tells You About Getting Started
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation, the next day, they're expected to understand ...
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?Â
Traditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...

