Software Supply Chain Security

Building Secure CI/CD Pipelines: Key Strategies from NIST SP 800-204D

August 11, 2025February 22, 2024 by Oreen Livni

In today’s fast-paced world of software development, speed and agility are paramount. Continuous integration and continuous delivery (CI/CD) pipelines…

Cycode Risk Intelligence Graph (RIG) Now Built with AI Inside

August 11, 2025February 21, 2024 by Julie Peterson

Cycode is excited to announce the launch of new GenAI capabilities in our Risk Intelligence Graph (RIG).

Cycode Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms Report

April 29, 2025February 20, 2024 by Cycode Team

Cycode recognized as a Sample Vendor for Software Supply Chain Security in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms report. Cycode, the leading application security posture management (ASPM) platform that enables secure application delivery, today announced the company was named a Sample Vendor for Software Supply Chain Security in the Gartner Emerging Tech … Read more

Cycode Discovers a Supply Chain Vulnerability in Bazel

August 11, 2025February 1, 2024 by Elad Pticha

The Cycode Research Team discovered a software supply chain vulnerability in one of Google’s open source flagship products, Bazel.
We found that a GitHub Actions workflow could have been injected by a malicious code due to a command injection vulnerability in one of Bazel’s dependent Actions.

CI/CD Pipeline Security: Best Practices Beyond Build and Deploy

August 31, 2025January 26, 2024 by Julie Peterson

Given the demand for rapid innovation and the adoption of agile methodologies, Continuous Integration/Continuous Deployment…

Software Supply Chain Security Deconstructed

February 18, 2024January 4, 2024 by Julie Peterson

In the last several years, software supply chain security has become a critical focus for organizations worldwide…

Three Lessons from the Ledger Connect Kit Supply Chain Attack

August 11, 2025December 18, 2023 by Alex Ilgayev

On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect Kit, a vital software component connecting hardware wallets to dApps, hit the industry.

Mastering Software Development Lifecycle Security: Best Practices

August 31, 2025December 12, 2023 by Julie Peterson

In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC)…

Introducing the State of ASPM 2024 Report

April 29, 2025December 6, 2023 by Julie Peterson

Cycode is excited to announce the release of our State of ASPM 2024 report, the first ever report to analyze the state of application security and Application Security Posture Management (ASPM)…

Making Sense of SBOMs: The Minimum Requirements

August 31, 2025February 21, 2023 by Julie Peterson

An illustration of the US White House to represent the minimum SBOM requirements when selling to the US federal government.

The National Telecommunications and Information Administration (NTIA), under the guidance of the US Department of Commerce, recently released a white paper…

Ready to Fix What Matters?Discover what Cycode can do for you.

Ready to
Fix What Matters?
Discover what Cycode can do for you.