Why Security Teams Consistently Fail to Implement Effective Security Controls Across the SDLC
DevOps has been around for more than a…
Governance
GitHub Actions & Code Injection: Avoiding Vulnerable Configurations
As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences…
Cycode:
Source Control & CI/CD Security
The last decade of application development experienced a staggering amount of innovation. Technologies like containers, Kubernetes…
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, … Read more
Introducing an All-New Cycode: The Only Complete Approach to ASPM
There’s no surprise that in today’s lightning fast paced development environment, speed, and efficiency are non-negotiable…
Introducing Bulk Remediation for Software Composition Analysis (SCA)
Cycode Software Composition Analysis (SCA) now includes bulk remediation. This new feature allows users to efficiently address multiple vulnerabilities across different repositories…
What Is ASPM (Application Security Posture Management)?
Application Security Posture Management (ASPM) is an AppSec platform that continuously assesses…
5 Steps to Protect Code Integrity in Software Pipelines
Get 5 straightforward steps that any organization can take to harden their pipelines to keep attackers out.
How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
Cycode discovered critical vulnerabilities in several popular open-source projects, each of which can cause a supply-chain attack through the CI process.
Your Software Supply Chain Is Your Weakest Security Link
The bad news is that attackers are shifting their focus to your less secure and easier-to-breach software supply chain.