Blog
Enterprise Application Security: The Complete Guide
GitHub Action tj-actions/changed-files, Supply-Chain Attack: The Complete Guide
Code Injection Attacks
Secrets Detection Beyond the Repository: Securing The End-to-End Software Development Factory
Software Composition Analysis Tools: 2025 Buyer's Guide
Cycode's Next-Generation SAST | Accelerate Secure Development with a Complete ASPM
11 Application Security Testing Types
Open Source Security: The Complete Guide
Reset Your AppSec Program in 2025 - A Practical Approach to Application Security
What is Product Security? A Complete Guide
Managing secrets in Terraform: The Complete Guide
How We Optimized CI/MON eBPF Sensor to Handle Thousands of Events per Second
Securing cloud native applications with Sysdig and Cycode
Automated Remediation: Everything you need to know
Cycode Named in the Gartner® Innovation Insight™ for Application Security Posture Management, 2025 Report
Secrets in Helm: Best Practices and a Comprehensive Guide
CI/CD Security Tools Buyer's Guide
White House Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity and What it Means to Software Security and ASPM
The Ultimate Guide to Kubernetes Secrets: Types, Creation, and Management
Application Security Tools: A Buyer's Guide
One Threat to Unite Them All: Malicious Code Hidden in NPM Packages
Cycode and Traceable Partner to Enhance API Security Through ASPM
Veracode vs SonarQube vs Cycode: Pros & Cons, and How to Choose the Best Solution
Snyk vs Veracode vs Cycode: Pros & Cons, and How to Choose the Best Solution
Snyk vs Wiz vs Cycode: Pros & Cons, and How to Choose the Best Solution
Snyk vs GitHub Advanced Security vs Cycode: 3 Key Differences, Pros & Cons, and How to Choose the Best Solution
Snyk vs Checkmarx vs Cycode: 3 Key Differences, Pros & Cons, and How to Choose the Best Solution
Snyk vs Aikido vs Cycode: Key Differences, Pros & Cons, and How to Choose the Best Solution
Veracode vs Checkmarx vs Cycode: 3 Key Differences, Pros & Cons, and How to Choose the Best Solution
Introducing Cycode Technologies Inventory: Enhance Visibility and Control across Your SDLC Tools
Cycode and Secure Code Warrior Partner to Revolutionize Secure Development
Don't Let Your GitOps Agent Become a Backdoor: Practical Guide to Secure GitOps CD Systems
Cycode Accepted into the AWS ISV Accelerate Program, Strengthening Collaboration and Advancing Application Security Posture Management
AI-Powered Security Research: How We Prioritized 40,000 GitLab Servers for Exposed Secrets
Introducing the State of ASPM 2025 Report
Cycode Launches Bi-Directional Integration with Wiz CNAPP Platform
The EU AI Act: A New Era for AI Governance (and What it Means for You)
New EU Product Liability Directive: Impact on Software Producers with Real-Life Examples
Introducing Cycode’s VP of EMEA Sales, Jochen Koehler
Leveraging Cycode’s Complete ASPM to Strengthen Perforce Helix Core Security
Software Supply Chain Risks and How to Mitigate Them
Lottie Web Player Malicious Package: All You Need to Know
Introducing ASPM University: The #1 Resource for AppSec and Product Security Pros
8 Key Insights From ASPM Nation 2.0
Why Application Security Posture Management is Essential for PCI-DSS 4.0
Why ASPM Requires an Independent Approach: Exploring the Role of ASPM vs. CNAPP | Part 1
Static Application Security Testing Buyer’s Guide: How to Choose the Right Tool for Your Team
Application Security Assessments: A Step-by-Step Guide to Securing Your Software
Strengthening Your DevOps Pipeline: Essential Tools and Best Practices
Secret Scanning: The Definitive Guide
How Cycode’s Complete ASPM Platform Helps Organizations Achieve FedRAMP Compliance
What it Means to be an Enterprise Ready ASPM Platform
Resetting Application Security: 5 Reasons to Attend ASPM Nation 2.0
How ASPM Solutions Help Companies Prepare for DORA Compliance
Component #3 of 3 of a Complete ASPM — Posture Management
Component #2 of 3 of a Complete ASPM — Application Security Testing
Building a Winning Security Program: Lessons from the Fantasy Football Draft
Kick Your SAST Out! Leverage Cycode’s Modern SAST Over Your Legacy SAST Tool
How Application Security Posture Management (ASPM) Secures Cloud Applications
Secrets Detection - Powered by CycodeAI
Component #1 of 3 of a Complete ASPM — Pipeline Security
Introducing Cycode's New Field CTO, Jimmy Xu
5 Things The Olympics Taught Us About ASPM
How to Detect Secrets in Source Code?
AI Discovery with Cycode AI: Uncovering AI Usage & Risk Across Your Organization
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Buy or Build? Evaluating the ROI of ASPM Platforms
Introducing Cycode AI: Bringing AI Inside the Only Complete ASPM
Strengthening Cybersecurity Together: The Crucial Role of ASPM and RBVM Integration
Introducing Cycode + Invicti: Connecting DAST Findings to Source Code Through a Complete ASPM
How to Use the Cycode RIG API
What Is Open Source Security Software?
Non-Human Identity Management: A Guide
Cycode Secrets Scanning Now in Jira and Confluence
OpenSSH Vulnerability CVE-2024-6387: What You Need to Know
Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report
How To Evaluate Secret Detection Tools
Unveiling AI-Driven Material Code Change Alerting
5 Reasons to Read Code Resilience in the Age of ASPM
Cycode Named in the 2024 Forrester Software Composition Analysis Software Landscape Report
Code Resilience in the Age of ASPM Book Launch
Cycode and GuidePoint Security Cement Strategic Partnership
What Is Risk-Based Vulnerability Management (RBVM)?
Redis or Not - Revealing a Critical Vulnerability in Argo CD Kubernetes Controller
Introducing Cycode’s ASPM Marketplace
Cimon Delivers Continuous Assurance and Automatic SLSA Compliance
ConnectorX and Application Security Testing: Achieving a Complete ASPM with Cycode
Cygives: Cycode’s New Developer Initiative
Universal CNAPP Traceability Now Possible with Cycode’s Complete ASPM and ConnectorX
What Is Software Composition Analysis (SCA)?
Introducing Cycode's SCA Reachability Analysis
Sisense Breach: Using Secrets Scanning to Strengthen Your Defenses
Cracking the Code: A Comprehensive Guide to Secrets Detection
ASPM as a Force Multiplier in Secure Business Resilience: A CISO’s Perspective
Enhancing Security Prioritization with Cycode's Advanced Risk Scoring
XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses
What Is Static Application Security Testing (SAST)?
Cycode + Wiz: Bringing Cloud Security into Your Complete ASPM via ConnectorX
Introducing Cycode's New Security Tools for Developers and AppSec Teams
How CISOs and CEOs Can Build a Cyber Resilient Org with a Complete ASPM
Bearer Entered into an Agreement to be Acquired by Cycode
Redefining SAST: When AppSec Meets Developer Experience
Empowering Security Champions with Modern Static Application Security Testing (SAST)
Celebrating 50,000 Downloads of Bearer CLI — and what it means!
Enhancing Developer Experience and Security Reporting on Workflows
Introducing Bearer’s GitHub App
What does a modern code security pipeline look like? (Hint: not like a pipeline).
Introducing Bearer Cloud
How to Assess Third-Party Data Security
Data security is a mirage
Data security is not data privacy
Bearer’s data-first security platform
Data Discovery: A Detailed Guide to the What, Why, and How
9 Data security best practices and how to implement them
Five tips to jumpstart your SaaS hiring efforts
What you need to know about DPIAs
An Update on Data Protection, Privacy, and Data Security Laws and Frameworks
What is sensitive data?
The 7 key insights from our panel on security and privacy
What it's like as a product design intern at Bearer
Privacy and Data Protection: What's the difference?
APIDays: Data Privacy in the age of cloud-native applications
The top 3 data security problems plaguing tech companies
Pivoting to data security
Tips for running an effective virtual offsite
Working remotely: Insights from the Bearer team
Lessons learned from redesigning our GraphQL API
How to make remote a success
How we got 900 applications on our Developer Position
Starting a remote-first and multicultural company
Cycode Acquires Bearer to Deliver AI-Powered SAST and API Discovery to Its Complete ASPM
Key Insights from the Industry's First Ever ASPM Nation Event
Top Source Code Leaks, 2020-2024
Building Secure CI/CD Pipelines: Key Strategies from NIST SP 800-204D
Cycode Risk Intelligence Graph (RIG) Now Built with AI Inside
Cycode Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms Report
7 Reasons to Attend ASPM Nation: A Valentine's Day Special for Cybersecurity Lovers
Introducing Executive Dashboard: Unparalleled Visibility Built Into Your Complete ASPM
What Is Application Security Posture Management (ASPM)?
Cycode Discovers a Supply Chain Vulnerability in Bazel
Step-by-Step: Integrating SAST into Your Development Workflow
CI/CD Pipeline Security: Best Practices Beyond Build and Deploy
Stopping Alert Fatigue in 3 Simple Steps
Application Security Testing (AST) Explained
Software Supply Chain Security Deconstructed
Connecting the Dots: NIST SSDF, Self-Attestation, and a Complete ASPM Platform
Three Lessons from the Ledger Connect Kit Supply Chain Attack
Mastering Software Development Lifecycle Security: Best Practices
Introducing Bearer's Advanced GitLab Integration
Security with a High Engineer-to-AppSec Ratio: Insights from Jeevan Singh
Introducing Bearer Assistant
Announcing beta support for PHP, alpha for Go and Python
Bearer CLI: New features and improvements (summer update!)
Celebrating 100,000 scans
Scaling Secure Code Review in Modern Enterprises
Using Bearer to scan your code for Privacy risks
Improving Bearer CLI's precision and recall
Bearer CLI: 2 months in retrospect of new features and improvements!
How we battle test Bearer CLI
Announcing GitHub Code Scanning integration
Bearer CLI 1.3.0: Migrating rules
Bearer CLI 1.2.0: Introducing TypeScript Support
Developers access more sensitive data than you think!
Data-First Security should become the de facto standard
Developers don’t care about (data) security!
How to establish a data security policy that works
How our product engineering workflow has evolved
How we usability test our SaaS product
Your data map is missing APIs and dependencies
DevSecOps: How to bring data security into the development workflow
How to approach holistic data management
You should be automating your data flow map
How adopting an OKR process has helped the Bearer team stay aligned
How Rust lets us monitor 30k API calls/min
Introducing the State of ASPM 2024 Report
Application Security Posture Management (ASPM) and Healthcare
Always Thankful for Our Customers
ASPM vs. CSPM: Understanding the Key Differences
Introducing an All-New Cycode: The Only Complete Approach to ASPM
Introducing Bulk Remediation for Software Composition Analysis (SCA)
What Is ASPM (Application Security Posture Management)?
Introducing Raven: CI/CD Pipeline Security with Open Source Vulnerability Scanner Starting with GitHub Actions
How SCA and SAST Work Together for Security
5 Steps to Overcome AppSec Chaos with a Complete ASPM Platform
CISA's SSDF Deadlines Have Passed! 14 Best Practices to Meet the Requirements and Why Every Software Company Should Care
Controlled Shift Left: A Strategic Blueprint for Modern Software Security with Cycode
Shadow Tokens: Persistence Under The Radar
Shifting Smart with GitOps
The Benefits of an Application Security Posture Management (ASPM) Platform for Financial Services Orgs
Managing the Risk of Hardcoded Secrets in AI-Generated Code
Secure Development Best Practices: Building Resilient Software Applications
Elevating Cloud IaC Security: Harnessing the Power of Terraform Plan Scanning for Terraform Misconfigurations
Boost Azure DevOps Pipelines Security with Cycode
Software Security 2.0 - Securing AI Generated Code
We benchmarks the best SAST tools, and this is what we learned
Introducing GitLab security scanner integration
Top 10 ways to secure Ruby on Rails applications
DevSecOps for OpenAI: detecting sensitive data shared with generative AIs
Can we prevent a security incident like Loom’s?
We are open sourcing our SAST solution!
Announcing our $8M seed round
AWS RDS data security best practices
The ultimate guide to securing data for Rails developers
Data Security Controls: Six Types and How to Implement Them
Data Breach Mitigation: 6 Steps You Can Take
Data Flow Mapping: Why It Matters and How to Do It
An In-Depth Guide to Conducting a Data Security Audit
Shadow APIs are putting your business at risk
What is an SLA? Service-Level Agreements and how to find them
Here's why your SaaS needs a DPA
API security best practices
Infinite scrolling pagination with Rails, Hotwire, and Turbo
How to publish code in blog posts with Webflow
Tips for implementing privacy by design
SOC reports and why your API vendors should have one
Understanding an API provider's privacy policy
Do you need a DPA from subprocessors?
What is a ROPA, why you need one, and how to make the process easier
How to discover sensitive data across your products
Tips for using tree sitter queries
How to monitor sensitive data encryption
How to detect unauthorized data sharing with third-parties
The difference between Turbo Streams and Turbo Frames
Snapshot testing ViewComponents with RSpec
How to monitor cross-border data transfers
How we use Static Code Analysis to map data flows
How to build modals with Hotwire (Turbo Frames + StimulusJS)
Why Hotwire in 2021
How We Optimized Testing Time and Monitoring in 5 Days at Cycode
How We Allowed Customers to Dynamically Filter Out Alerts with String Evaluation
6 Tips for Stronger Developer Team Management
AWS Neptune, Neo4J, ArangoDB or RedisGraph: How We Chose our Graph Database
Solving alias_method and prepend Conflicts in Our Ruby Agent
Webinar in Review: Generative AI and Hardcoded Secrets
Understanding Software Bill of Materials (SBOM): Enhancing Transparency and Security in Software Supply Chains
The JumpCloud Attack: What We Know So Far
VS Code's Token Security: Keeping Your Secrets... Not So Secretly
How to Achieve SLSA Compliance in Azure Pipelines
Cycode Launches Enhanced Secret Validation Capabilities as part of its Secrets Detection module
Plugging Gerrit Security Gaps with Cycode
How to Mitigate the 6 Threats on your CI/CD Environment Listed in CISA & NSA CSI
Introducing Cimon: Your Superhero for CI/CD Pipeline Security
Cycode Announces New SBOM Capabilities
The Risks of Hardcoding Secrets in Code Generated by Language Learning Models
Security Advisory: GitLab Malicious Runner Vulnerability
SLSA 1.0: Improving Software Supply Chain Security
Enhancing CI/CD Pipeline Security with OIDC Tokens for Cloud Authentication
Cycode Launches New Application Security Posture Management (ASPM) Solution
Open Source Licenses Made Simple
Enhancing Cloud Security with Cycode's S3 Scanning Feature
From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users
New JIRA Integration Capabilities in Cycode: Keep Track of Your Tickets with Ease
Making Sense of SBOMs: The Minimum Requirements
Making Sense of the software bill of materials (SBOM): The Basics
Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines
Cycode Takes Azure Security to the Next Level with Azure Container Registry (ACR) Integration
Introducing Container Secret Scanning
Cycode Discovers a Vulnerability in GitHub API Authorization - CVE-2022-46258
The Overlooked Secret: Cycode Expands Secrets Detection Capabilities
Detecting and Mitigating Source Code Compromise in the Wake of the CircleCI Incident
Don't Let Hardcoded Secrets Compromise Your Security: 4 Effective Remediation Techniques
Security Advisory: CircleCI Security Breach
Cycode Collaborates with CodeSee to Secure the Pipelines of Thousands of Open-Source Projects
Pipeline Composition Analysis: Expanding Visibility to Build Better Software Supply Chain Security
CI-Story: How We Found Critical Vulnerabilities in StoryBook Project
Doing More With Less: How to Improve AppSec Programs When Budgets Decrease
Shifting Security Left with the Cycode CLI
Lessons From OpenSSL’s 3.0.7 Security Patch (CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows)
The Scariest Things About SCA
Security Advisory: Critical OpenSSL Vulnerability
Security Advisory: Text4Shell Attack
Pipeline Composition Analysis: The Next-Generation of SCA
Security Advisory: IconBurst Attack
Multi-functional Threat Coverage: How Cycode handles latest Jenkins plugin vulnerabilities
A Strong Foundation of Governance Improves All SDLC Security Initiatives
All Roads Lead to Build Secrets – Or How Your Build System Could Expose The Production Environment
ISO 27001 Compliance
5 Reasons Why Achieving Compliance in the SDLC Is Challenging for AppSec Teams
TypoSquatting, RepoJacking, and Domain Takeover - The Story of the Recent Attacks
Security Advisory: CrateDepression
PCI DSS Compliance Requirements
Cycode Recognized as a Cool Vendor in Recent Gartner® Report
DevSecOps Tools: How Security Tools Improve DevOps Velocity
The Real Cost of a Source Code Leak
SOC 2 Type II Compliance
GitHub OAuth Compromise Affecting Heroku and Travis-CI Users
Lateral Movement and the Threat to Software Supply Chains
5 Steps to Protect Code Integrity in Software Pipelines
Software Supply Chain Security: Best Practices & Tools for 2024
Hardening Your SDLC in Response to Lapsus$ Breaches
How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
Your Software Supply Chain Is Your Weakest Security Link
FedRAMP Compliance for Cloud Service Providers
Using the Principle of Least Privilege for Maximum Security
Cycode Workflows: No-Code Automated Alerting & Remediation
How To Prevent AWS S3 Bucket Misconfigurations
Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think
Jenkins Security Best Practices
Implementing SLSA Source Requirements to Improve Software Supply Chain Security
NIST SSDF 1.1: A Brief Overview of the Final Version
Improve Application Security with Cycode's Knowledge Graph and Policies
Terraform Cloud Drift Detection with Cycode Integration
A Secrets Management Maturity Model
Cycode Integration with JFrog Pipelines and Artifactory
"Shadow Dev" and AppSec's Visibility Gap
Two Ways to Address the Log4J Vulnerability
Executive Order 14028: NIST SSDF Explained
NIST Cybersecurity Framework (NIST CSF)
AWS CloudFormation Security: 8 Best Practices
Google SLSA Cybersecurity Framework: Key Takeaways
Understanding the Trojan Source Attack and How to Defend Against It
7 Terraform Security Best Practices
Integrating Infrastructure as Code Security into Developer Workflows
Kubernetes Security Best Practices: 8 Tips to Secure K8s
8 Infrastructure as Code (IaC) Best Practices for Security
Why Developers are Hackers’ New Targets (and What to do About it)
Vendor vs. Developer: Codecov Lessons on AppSec Responsibility
Exploring the Chainjacking Attack
How to Setup Branch Protection Rules in Azure DevOps
The Codecov Breach - Development Infrastructure is the Weakest Link & its Now Rapidly Being Exploited
ESLint: Compromising the Build using Supply Chain Attack
A Unique Supply Chain Attack: The 2020 Sawfish
Beyond SolarWinds: The "Octopus Scanner" Supply Chain Attack
Why Microsoft’s Latest SolarWinds Admission Can’t Be Ignored
Six AppSec Learnings from SolarWinds
OWASP SAMM Framework: What You Need to Know
Security Best Practices for Azure DevOps
How to Setup Branch Protection Rules
GitHub Permissions for Maximum Security
Keeping Your Secrets Safe
Are We Making It Too Easy To Leak Our Source Code?
The Bad Coding Habits That Leave Your Source Code Exposed
DMCA & Source Code Leaks: Modern Enterprises’ Biggest Concern
Life After A Source Code Leak
Security Best Practices for Gitlab
Security Best Practices for Bitbucket
Security Best Practices for Github
Tightening Cyber Security Policies In The Covid-19 WFH Era
You Should Care About Securing Your Source Code
Why Is Source Code So Hard To Protect?
Cycode Won The Cybertech Startup Challenge!