Software Supply Chain Security

Understanding the Trojan Source Attack and How to Defend Against It

March 31, 2026November 5, 2021 by Orion Cassetto

There’s little doubt that 2021 has been the year of the software supply chain attack, with many notable breaches that include Solarwinds…

7 Terraform Security Best Practices

August 31, 2025November 2, 2021 by Tony Loehr

Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…

Integrating Infrastructure as Code Security into Developer Workflows

July 30, 2025October 27, 2021 by Amnon Even-Zohar

Over the last decade or so, developers have shifted from provisioning infrastructure by way of IT teams and ticketing systems to…

Kubernetes Security Best Practices: 8 Tips to Secure K8s

December 18, 2025October 21, 2021 by Tony Loehr

Kubernetes is a powerful tool allowing for orchestration of containerized services, applications, and workloads…

8 Infrastructure as Code (IaC) Best Practices for Security

August 31, 2025October 7, 2021 by Tony Loehr

Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…

Why Developers are Hackers’ New Targets (and What to do About it)

January 4, 2026August 3, 2021 by Orion Cassetto

Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.

Vendor vs. Developer: Codecov Lessons on AppSec Responsibility

February 18, 2024June 10, 2021 by Ilia Shkolyar

The Codecov breach is an example of a classic software supply chain attack, in which attackers gain organization access by compromising 3rd…

Exploring the Chainjacking Attack

June 20, 2024December 7, 2021 by Tony Loehr

Several forms of supply chain attack have recently emerged that allow for attackers to insert themselves between developers and the dependencies they utilize.

How to Setup Branch Protection Rules in Azure DevOps

November 30, 2025May 26, 2021 by Tomer Almog

Branch protection rules are a crucial part of securing source control management systems. Branch protection rules enable administrators…

The Codecov Breach – Development Infrastructure is the Weakest Link & its Now Rapidly Being Exploited

April 3, 2024April 20, 2021 by Amnon Even-Zohar

On April 15th, Codecov disclosed a major breach when an attacker compromised its infrastructure allowing to export sensitive information like…

Start Securing the 10x Developer TodayDiscover the power of Cycode for your team.

Start Securing the 10x Developer Today
Discover the power of Cycode for your team.