Blog

Dispatches from the
AppSec Frontlines

Sharing insights and experiences solving modern
software supply chain security challenges.
  • December 1, 2022 11 min read

    CI-Story: How We Found Critical Vulnerabilities in StoryBook Project

    Cycode found several vulnerabilities in the StoryBook project's GitHub Actions development pipeline that may have allowed any user on the internet to run arbitrary code ...

    Alex Ilgayev
    Security Researcher
  • November 18, 2022 13 min read

    Doing More With Less: How to Improve AppSec Programs When

    Software supply chain attacks are growing. Gartner reports that by 2025, 45% of organizations worldwide will...

    Jon Jarboe
    Director of Product Marketing
  • November 10, 2022 14 min read

    Shifting Security Left with the Cycode

    Security doesn’t begin with developers, but they are often affected by security. In my career as a developer, I would say I...

    Tony Loehr
    Developer Advocate
  • November 1, 2022 7 min read

    Lessons From OpenSSL’s 3.0.7 Security Patch

    While OpenSSL downgraded the criticality of its 3.0.7 security patch from Critical to High (CVE-2022-3786 and CVE-2022-3602), and...

    Andrew Fife
    VP Marketing
  • October 31, 2022 9 min read

    The Scariest Things About

    It is a time of ghouls, mischievous spirits, and David S. Pumpkins. In the spirit of Halloween, here are the top five scariest...

    Julie Peterson
    Sr. Product Marketing Manager
  • October 29, 2022 3 min read

    Security Advisory: Critical OpenSSL

    On Tuesday, November 1st, OpenSSL is releasing a critical patch. Given the ubiquity of OpenSSL, rapid remediation will be...

    Andrew Fife
    VP Marketing
  • October 24, 2022 11 min read

    Security Advisory: Text4Shell


    Tony Loehr
    Developer Advocate
  • August 30, 2022 16 min read

    Pipeline Composition Analysis: The Next-Generation of

    Software composition analysis (SCA) is a necessary tool that detects vulnerabilities within dependencies such as open source...

    Andrew Fife
    VP Marketing
  • July 11, 2022 8 min read

    Security Advisory: IconBurst

    The IconBurst attack is a software supply chain attack designed to grab data from apps and websites. This attack campaign seeks...

    Tony Loehr
    Developer Advocate
  • July 5, 2022 5 min read

    Multi-functional Threat Coverage: How Cycode handles latest

    The Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source...

    Maria Getsko
  • June 28, 2022 14 min read

    A Strong Foundation of Governance Improves All SDLC

    The innovation of DevOps toolchains has delivered increased efficiency for engineering teams. At the same time, these innovations...

    Julie Peterson
    Sr. Product Marketing Manager
  • June 28, 2022 28 min read

    All Roads Lead to Build Secrets – Or How Your Build

    Every software manufacturer nowadays implements robust DevOps processes to increase its ability to deliver applications and...

    Alex Ilgayev
    Security Researcher
  • June 16, 2022 13 min read

    ISO 27001

    CrateDepression is a software supply chain attack designed to target GitLab CI Pipelines by impersonating legitimate Rust...

    Tony Loehr
    Developer Advocate