Software Supply Chain Security: Don’t Get Your Code Tampered
As enterprises invest in DevOps and continue increasing the agility of their software and application development processes…
Resources Category: All
Cloud Infrastructure Configuration Is Critical to a Secure Software Supply Chain Strategy
With the explosion of digital transformation…
GitHub Actions & Code Injection: Avoiding Vulnerable Configurations
As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences…
Modern Development Practices Open the Door for Code Leakage
As development teams leverage cloud-based infrastructure in support of collaboration and speed, code leakage…
Software Supply Chain Attack Priorities Survey
Our 2021 Software Supply Chain Attack Priorities survey was conducted with 176 people responding. Located across the globe…
Top 25+ Source Code Leaks, 2020-2024
Source code is the foundation of your intellectual property. Any exposure of your source code is a big deal…
How to Select DevSecOps Tools for Secure Software Delivery
“Agile development practices, cloud-native architectures and the increased…”
Software Composition Analysis (SCA) Cheat Sheet
Only scanning your application code for vulnerable dependencies is not enough to protect against modern threats like software…
Cycode: Next-Gen SCA: Pipeline Composition Analysis
Application code dependencies like open source libraries comprise approximately 80-90% of modern application codebases. Organizations that aren’t scanning these dependencies for vulnerabilities aren’t securing their applications.
Cycode: SAST – Static Application Security Testing
Static Application Security Testing (SAST) is used to identify vulnerabilities in custom application code and is often used early in the lifecycle before the application can be run.