Tag: supply chain security
Sysdig Identifies Cyberattacks on GitLab Platforms Using Binaries
Sysdig Threat Research Team uncovers cyberattacks using binaries written in Go and .NET are compromising on-premises editions of GitLab ...
Extending the GitOps Pipeline: DevSecOps and Trusted Application Delivery
Joydip Kanjilal | | application delivery, devsecops, gitops, software security, supply chain security, trusted application deliveryThe fusion of DevSecOps and trusted application delivery can extend the GitOps pipeline and add business value ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
Richi Jennings | | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Awareness of Software Supply Chain Security Issues Improves
Mike Vizard | | best practices, CI/CD, devsecops, security, Software Supply Chain, supply chain securityA global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, ...
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
Richi Jennings | | core-js, Denis Pushkarev, JavaScript, open source, PyPi, Russia, Software Supply Chain, Software Supply Chain Security, softwaresupplychain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...
Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Last year, the world woke up to the software supply chain dilemma. We saw a spike in attacks as hackers sought to exploit known and unknown vulnerabilities within dependencies. There is also ...
Secure Software Summit: Exploring Secure Coding Best Practices
Veronica Haggar | | chaos engineering, devsecops, secure code, secure coding, Secure Software Summit, shift left, shifting security left, supply chain securityIn an era where software is dominating the world, the security and quality of code must remain a high priority. Delivering secure and reliable software at a rapid pace is crucial for most ...
WhiteSource Adds SBOM Tool That Lists Vulnerabilities
WhiteSource has added a software bill of materials (SBOM) tool to its portfolio that, in addition to capturing the components of an application, also surfaces vulnerabilities that should be addressed. Many organizations ...
Oxeye Platform Helps Fix Code Vulnerabilities
Fresh from raising $5.3 million in seed funding, Oxeye emerged this week from stealth to launch a namesake application security testing platform that, in addition to pinpointing issues in code, also provides ...
CloudBees Acquires Neuralprints to Shift Compliance Left
Mike Vizard | | Cloud Security, cloudbees, compliance, compliance-as-code, DevOps World, supply chain securityAt the online DevOps World 2021 conference today, CloudBees revealed it has acquired Neuralprints to provide the core technology for CloudBees Compliance, a real-time compliance and risk analysis platform that it will ...