Hardcoded Secrets

A Secrets Management Maturity Model

April 3, 2024January 14, 2022 by Jon Jarboe

Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.

Cycode Integration with JFrog Pipelines and Artifactory

April 3, 2024December 31, 2021 by Tony Loehr

JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.

AWS CloudFormation Security: 8 Best Practices

June 20, 2024November 17, 2021 by Tony Loehr

AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the initialization, provisioning, and…

7 Terraform Security Best Practices

February 26, 2025November 2, 2021 by Tony Loehr

Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…

8 Infrastructure as Code (IaC) Best Practices for Security

April 3, 2024October 7, 2021 by Tony Loehr

Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…

Why Developers are Hackers’ New Targets (and What to do About it)

April 3, 2024August 3, 2021 by Orion Cassetto

Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.

How to Setup Branch Protection Rules in Azure DevOps

April 29, 2025May 26, 2021 by Tomer Almog

Branch protection rules are a crucial part of securing source control management systems. Branch protection rules enable administrators…

The Codecov Breach – Development Infrastructure is the Weakest Link & its Now Rapidly Being Exploited

April 3, 2024April 20, 2021 by Amnon Even-Zohar

On April 15th, Codecov disclosed a major breach when an attacker compromised its infrastructure allowing to export sensitive information like…

ESLint: Compromising the Build using Supply Chain Attack

April 3, 2024February 18, 2021 by Amnon Even-Zohar

A supply-chain attack is an indirect attack which targets the tools, automatic software updates or supply chain in general, in order to introduce malicious code or dependencies into existing software, without the developers being aware.

A Unique Supply Chain Attack: The 2020 Sawfish

April 3, 2024January 31, 2021 by Amnon Even-Zohar

For attackers targeting technology businesses, the goal is often stealing intellectual property and other data, which can either be sold for profit…

State of ASPM 2025

The 2025 Product Security All-Stars

Securing Software
Development In The AI Era