Securing Infrastructure-as-Code from Tampering & Misconfigurations
Moving applications and development to the cloud has delivered both operational benefits at scale. Faster release cycles and microservices…
Code Tampering
Code Tampering:
4 Keys to Risk Reduction
Code tampering is a software company’s worst nightmare. Unfortunately, 2021 has been the year that this nightmare has come true from…
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, … Read more
Software Supply Chain Security Deconstructed
In the last several years, software supply chain security has become a critical focus for organizations worldwide…
Three Lessons from the Ledger Connect Kit Supply Chain Attack
On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect Kit, a vital software component connecting hardware wallets to dApps, hit the industry.
Mastering Software Development Lifecycle Security: Best Practices
In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC)…
5 Steps to Protect Code Integrity in Software Pipelines
Get 5 straightforward steps that any organization can take to harden their pipelines to keep attackers out.
Hardening Your SDLC in Response to Lapsus$ Breaches
Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.
Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think
When most organizations approach software supply chain security, too often they think only about securing the open source or third-party dependencies in their code.
Jenkins Security Best Practices
Jenkins is one of the most well-known tool for creating automation pipelines and integrating them with the rest of your CI/CD tools. It has an active community that has contributed thousands of plugins to extend Jenkins’ core functionality…