Blog

Dispatches from the AppSec Frontlines

Sharing insights and experiences solving modern software supply chain security challenges.
  • January 14, 2022 · 15 min read

    A Secrets Management Maturity Model

    Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.

    Jon Jarboe
    Director of Product Marketing
  • December 31, 2021 · 19 min read

    Cycode Integration with JFrog Pipelines and

    Several forms of supply chain attack have recently emerged that allow for attackers to insert themselves between developers and...

    Tony Loehr
    Developer Advocate
  • December 20, 2021 · 8 min read

    “Shadow Dev” and The Great Appsec Visibility

    According to Gartner’s Information Technology glossary, Shadow IT refers “to IT devices, software and services outside the...

    Orion Cassetto
    Sr. Director of Product Marketing
  • December 16, 2021 · 4 min read

    Two Ways to Address the Log4J

    Tony Loehr
    Developer Advocate
  • December 13, 2021 · 18 min read

    Executive Order 14028: NIST SSDF

    Tony Loehr
    Developer Advocate
  • December 7, 2021 · 12 min read

    Exploring the Chainjacking

    Tony Loehr
    Developer Advocate
  • November 28, 2021 · 20 min read

    Applying the Principles of NIST Cybersecurity Framework to

    The National Institute of Standards and Technology (NIST) first released its Cybersecurity Framework in 2014 in response to an...

    Tony Loehr
    Developer Advocate
  • November 17, 2021 · 24 min read

    AWS CloudFormation Security: 8 Best

    AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the...

    Tony Loehr
    Developer Advocate
  • November 10, 2021 · 22 min read

    Key Takeaways from Google’s SLSA Cybersecurity

    In light of recent, multi-billion dollar cyber attacks, Google has introduced a framework to help developers improve software...

    Tony Loehr
    Developer Advocate
  • November 5, 2021 · 9 min read

    Understanding the Trojan Source Attack and How to Defend

    There’s little doubt that 2021 has been the year of the software supply chain attack, with many notable breaches that include...

    Orion Cassetto
    Sr. Director of Product Marketing
  • November 2, 2021 · 24 min read

    7 Terraform Security Best

    Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource...

    Tony Loehr
    Developer Advocate
  • October 27, 2021 · 10 min read

    Integrating Infrastructure as Code Security into Developer

    Over the last decade or so, developers have shifted from provisioning infrastructure by way of IT teams and ticketing systems...

    Amnon Even-Zohar
    Director of Product
  • October 21, 2021 · 21 min read

    8 Best Practices to Improve Kubernetes

    Kubernetes is a powerful tool allowing for orchestration of containerized services, applications, and...

    Tony Loehr
    Developer Advocate