Software Supply Chain

OpenSSH Vulnerability CVE-2024-6387: What You Need to Know

April 8, 2025July 2, 2024 by Alex Ilgayev

1 in 3 OpenSSH Servers Are Vulnerable – Protect Yourself Against CVE-2024-6387 A critical security vulnerability, identified as CVE-2024-6387, has been discovered in the OpenSSH server. This widespread vulnerability poses a significant threat to millions of systems globally. Dubbed “RegreSSHion,” this vulnerability enables remote unauthenticated code execution, potentially allowing attackers to gain unauthorized access and control … Read more

Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report

April 8, 2025July 2, 2024 by Amir Kazemi

Cycode recognized as a Sample Vendor for Software Supply Chain Security in the Gartner Hype Cycle for Platform Engineering, 2024 report. Cycode, the leading application security posture management (ASPM) platform that enables secure application delivery, today announced the company was named as a Sample Vendor for the Software Supply Chain Security category in the Gartner Hype Cycle … Read more

Cimon Delivers Continuous Assurance and Automatic SLSA Compliance

April 8, 2025May 7, 2024 by Alex Ilgayev

Cycode revolutionizes CI/CD security and pipeline integrity with its newest version of Cimon, which is part of the Cygives initiative…

What Is Software Composition Analysis (SCA)?

May 18, 2025April 23, 2024 by Cycode Team

Software Composition Analysis (SCA) is an essential tool in your cybersecurity arsenal if you use open source libraries, components, and dependencies, which 97% of commercial codebases do.

XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses

April 8, 2025April 1, 2024 by Alex Ilgayev

A recent security discovery has exposed a critical vulnerability within the XZ Utils library (CVE-2024-3094). Malicious code was embedded in versions 5.6.0 and 5.6.1, potentially enabling unauthorized remote access under specific conditions. The exact source of the backdoor is still under investigation, but the details point toward a malicious developer activity that included the following … Read more

Building Secure CI/CD Pipelines: Key Strategies from NIST SP 800-204D

May 18, 2025February 22, 2024 by Oreen Livni

In today’s fast-paced world of software development, speed and agility are paramount. Continuous integration and continuous delivery (CI/CD) pipelines…

Experience the Future of Open Source Security
 Get a Live Tour of Cycode

Book a Demo

Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud Developer Friendly Compliance Standards Instant Threat Detection Comprehensive Security Code to Cloud

State of ASPM 2025

The 2025 Product Security All-Stars

Securing Software
Development In The AI Era