Securing Artifacts: Keyless Signing with Sigstore and CI/MON

Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, …

OpenSSH Vulnerability CVE-2024-6387: What You Need to Know

1 in 3 OpenSSH Servers Are Vulnerable – Protect Yourself Against CVE-2024-6387

A critical security vulnerability, identified as CVE-2024-6387, has been discovered in the OpenSSH server. This widespread vulnerability poses a significant threat to millions of systems globally. Dubbed “RegreSSHion,” this vulnerability enables remote unauthenticated code execution, potentially allowing attackers to gain unauthorized access and control over …

Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report

Cycode recognized as a Sample Vendor for Software Supply Chain Security in the Gartner Hype Cycle for Platform Engineering, 2024 report.

Cycode, the leading application security posture management (ASPM) platform that enables secure application delivery, today announced the company was named as a Sample Vendor for the Software Supply Chain Security category in the Gartner Hype Cycle …

What Is Software Composition Analysis (SCA)?

Software Composition Analysis (SCA) is an essential tool in your cybersecurity arsenal if you use open source libraries, components, and dependencies, which 97% of commercial codebases do.

XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses

Security Advisory for CVE-2024-3094

A recent security discovery has exposed a critical vulnerability within the XZ Utils library (CVE-2024-3094). Malicious code was embedded in versions 5.6.0 and 5.6.1, potentially enabling unauthorized remote access under specific conditions. The exact source of the backdoor is still under investigation, but the details point toward a malicious developer activity that included the following behavior: …