Why Security Teams Consistently Fail to Implement Effective Security Controls Across the SDLC
DevOps has been around for more than a…
As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences…
The last decade of application development experienced a staggering amount of innovation. Technologies like containers, Kubernetes…
GitHub is the most integral part of many development teams’ SDLC. It is the source of truth for the versioning of source code, which…
Cycode Labs has uncovered a significant security risk in the default configuration of GitLab self-hosted servers, where the “explore”…
Adequate visibility is the key to managing the risks associated with ungoverned AI usage. Recognizing this necessity…
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, …
Advancements in AI, IoT, cloud services, and microservices architecture have fundamentally altered how we approach identity management and necessitated the creation and management of service accounts, APIs, and application accounts. That’s where non-human identities (NHIs) come in. While NHIs enhance automation, scalability, and efficiency, they also introduce new security challenges that must be addressed to …
Cycode is excited to announce Cygives, a new initiative that gives developers a comprehensive set of free, open source security solutions to help deliver safe code faster…
On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect Kit, a vital software component connecting hardware wallets to dApps, hit the industry.