Blog

The EU AI Act: A New Era for AI Governance (and What it Means for You)
New EU Product Liability Directive: Impact on Software Producers with Real-Life Examples
Introducing Cycode’s VP of EMEA Sales, Jochen Koehler
Leveraging Cycode’s Complete ASPM to Strengthen Perforce Helix Core Security
Software Supply Chain Risks and How to Mitigate Them
Lottie Web Player Malicious Package: All You Need to Know
Introducing ASPM University: The #1 Resource for AppSec and Product Security Pros
8 Key Insights From ASPM Nation 2.0
Why Application Security Posture Management is Essential for PCI-DSS 4.0
Why ASPM Requires an Independent Approach: Exploring the Role of ASPM vs. CNAPP | Part 1
Static Application Security Testing Buyer’s Guide: How to Choose the Right Tool for Your Team
Application Security Assessments: A Step-by-Step Guide to Securing Your Software
Strengthening Your DevOps Pipeline: Essential Tools and Best Practices
Secret Scanning Guide
How Cycode’s Complete ASPM Platform Helps Organizations Achieve FedRAMP Compliance
What it Means to be an Enterprise Ready ASPM Platform
Resetting Application Security: 5 Reasons to Attend ASPM Nation 2.0
How ASPM Solutions Help Companies Prepare for DORA Compliance
Component #2 of 3 of a Complete ASPM — Application Security Testing
Building a Winning Security Program: Lessons from the Fantasy Football Draft
Kick Your SAST Out! Leverage Cycode’s Modern SAST Over Your Legacy SAST Tool
How Application Security Posture Management (ASPM) Secures Cloud Applications
Secrets Detection - Powered by CycodeAI
Component #1 of 3 of a Complete ASPM — Pipeline Security
Introducing Cycode's New Field CTO, Jimmy Xu
5 Things The Olympics Taught Us About ASPM
Unveiling AI-Driven Material Code Change Alerting
How to Detect Secrets in Source Code?
AI Discovery with Cycode AI: Uncovering AI Usage & Risk Across Your Organization
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Buy or Build? Evaluating the ROI of ASPM Platforms
Introducing Cycode AI: Bringing AI Inside the Only Complete ASPM
Strengthening Cybersecurity Together: The Crucial Role of ASPM and RBVM Integration
Introducing Cycode + Invicti: Connecting DAST Findings to Source Code Through a Complete ASPM
How to Use the Cycode RIG API
What Is Open Source Security Software?
Non-Human Identity Management: A Guide
Cycode Secrets Scanning Now in Jira and Confluence
OpenSSH Vulnerability CVE-2024-6387: What You Need to Know
Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report
How To Evaluate Secret Detection Tools
5 Reasons to Read Code Resilience in the Age of ASPM
Cycode Named in the 2024 Forrester Software Composition Analysis Software Landscape Report
Code Resilience in the Age of ASPM Book Launch
Cycode and GuidePoint Security Cement Strategic Partnership
What Is Risk-Based Vulnerability Management (RBVM)?
Redis or Not - Revealing a Critical Vulnerability in Argo CD Kubernetes Controller
Introducing Cycode’s ASPM Marketplace
Cimon Delivers Continuous Assurance and Automatic SLSA Compliance
ConnectorX and Application Security Testing: Achieving a Complete ASPM with Cycode
Cygives: Cycode’s New Developer Initiative
Universal CNAPP Traceability Now Possible with Cycode’s Complete ASPM and ConnectorX
What Is Software Composition Analysis (SCA)?
Introducing Cycode's SCA Reachability Analysis
Sisense Breach: Using Secrets Scanning to Strengthen Your Defenses
Cracking the Code: A Comprehensive Guide to Secrets Detection
ASPM as a Force Multiplier in Secure Business Resilience: A CISO’s Perspective
Enhancing Security Prioritization with Cycode's Advanced Risk Scoring
XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses
What Is Static Application Security Testing (SAST)?
Cycode + Wiz: Bringing Cloud Security into Your Complete ASPM via ConnectorX
Introducing Cycode's New Security Tools for Developers and AppSec Teams
How CISOs and CEOs Can Build a Cyber Resilient Org with a Complete ASPM
Cycode Acquires Bearer to Deliver AI-Powered SAST and API Discovery to Its Complete ASPM
Key Insights from the Industry's First Ever ASPM Nation Event
Top Source Code Leaks, 2020-2024
Building Secure CI/CD Pipelines: Key Strategies from NIST SP 800-204D
Cycode Risk Intelligence Graph (RIG) Now Built with AI Inside
Cycode Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms Report
7 Reasons to Attend ASPM Nation: A Valentine's Day Special for Cybersecurity Lovers
Introducing Executive Dashboard: Unparalleled Visibility Built Into Your Complete ASPM
What Is Application Security Posture Management (ASPM)?
Cycode Discovers a Supply Chain Vulnerability in Bazel
CI/CD Pipeline Security: Best Practices Beyond Build and Deploy
Stopping Alert Fatigue in 3 Simple Steps
Application Security Testing (AST) Explained
Software Supply Chain Security Deconstructed
Connecting the Dots: NIST SSDF, Self-Attestation, and a Complete ASPM Platform
Three Lessons from the Ledger Connect Kit Supply Chain Attack
Mastering Software Development Lifecycle Security: Best Practices
Introducing the State of ASPM 2024 Report
Application Security Posture Management (ASPM) and Healthcare
Always Thankful for Our Customers
ASPM vs. CSPM: Understanding the Key Differences
Introducing an All-New Cycode: The Only Complete Approach to ASPM
Introducing Bulk Remediation for Software Composition Analysis (SCA)
What Is ASPM (Application Security Posture Management)?
Introducing Raven: CI/CD Pipeline Security with Open Source Vulnerability Scanner Starting with GitHub Actions
How SCA and SAST Work Together for Security
5 Steps to Overcome AppSec Chaos with a Complete ASPM Platform
CISA's SSDF Deadlines Have Passed! 14 Best Practices to Meet the Requirements and Why Every Software Company Should Care
Controlled Shift Left: A Strategic Blueprint for Modern Software Security with Cycode
Shadow Tokens: Persistence Under The Radar
Shifting Smart with GitOps
The Benefits of an Application Security Posture Management (ASPM) Platform for Financial Services Orgs
Managing the Risk of Hardcoded Secrets in AI-Generated Code
Secure Development Best Practices: Building Resilient Software Applications
Elevating Cloud IaC Security: Harnessing the Power of Terraform Plan Scanning for Terraform Misconfigurations
Boost Azure DevOps Pipelines Security with Cycode
Software Security 2.0 - Securing AI Generated Code
We benchmarked the best SAST tools, and this is what we learned
Introducing GitLab security scanner integration
Top 10 ways to secure Ruby on Rails applications
DevSecOps for OpenAI: detecting sensitive data shared with generative AIs
Can we prevent a security incident like Loom’s?
We are open sourcing our SAST solution!
AWS RDS data security best practices
The ultimate guide to securing data for Rails developers
Data Security Controls: Six Types and How to Implement Them
Data Breach Mitigation: 6 Steps You Can Take
Data Flow Mapping: Why It Matters and How to Do It
An In-Depth Guide to Conducting a Data Security Audit
What is an SLA? Service-Level Agreements and how to find them
Here's why your SaaS needs a DPA
API security best practices
Infinite scrolling pagination with Rails, Hotwire, and Turbo
How to publish code in blog posts with Webflow
Understanding an API provider's privacy policy
Do you need a DPA from subprocessors?
What is a ROPA, why you need one, and how to make the process easier
Tips for using tree sitter queries
How to monitor sensitive data encryption
How to detect unauthorized data sharing with third-parties
The difference between Turbo Streams and Turbo Frames
Snapshot testing ViewComponents with RSpec
How we use Static Code Analysis to map data flows
How to build modals with Hotwire (Turbo Frames + StimulusJS)
How We Optimized Testing Time and Monitoring in 5 Days at Cycode
How We Allowed Customers to Dynamically Filter Out Alerts with String Evaluation
6 Tips for Stronger Developer Team Management
AWS Neptune, Neo4J, ArangoDB or RedisGraph: How We Chose our Graph Database
Solving alias_method and prepend Conflicts in Our Ruby Agent
Webinar in Review: Generative AI and Hardcoded Secrets
Understanding Software Bill of Materials (SBOM): Enhancing Transparency and Security in Software Supply Chains
The JumpCloud Attack: What We Know So Far
VS Code's Token Security: Keeping Your Secrets... Not So Secretly
How to Achieve SLSA Compliance in Azure Pipelines
Cycode Launches Enhanced Secret Validation Capabilities as part of its Secrets Detection module
Plugging Gerrit Security Gaps with Cycode
How to Mitigate the 6 Threats on your CI/CD Environment Listed in CISA & NSA CSI
Introducing Cimon: Your Superhero for CI/CD Pipeline Security
Cycode Announces New SBOM Capabilities
The Risks of Hardcoding Secrets in Code Generated by Language Learning Models
Security Advisory: GitLab Malicious Runner Vulnerability
SLSA 1.0: Improving Software Supply Chain Security
Enhancing CI/CD Pipeline Security with OIDC Tokens for Cloud Authentication
Cycode Launches New Application Security Posture Management (ASPM) Solution
Open Source Licenses Made Simple
Enhancing Cloud Security with Cycode's S3 Scanning Feature
From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users
New JIRA Integration Capabilities in Cycode: Keep Track of Your Tickets with Ease
Making Sense of SBOMs: The Minimum Requirements
Making Sense of the software bill of materials (SBOM): The Basics
Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines
Cycode Takes Azure Security to the Next Level with Azure Container Registry (ACR) Integration
Introducing Container Secret Scanning
Cycode Discovers a Vulnerability in GitHub API Authorization - CVE-2022-46258
The Overlooked Secret: Cycode Expands Secrets Detection Capabilities
Detecting and Mitigating Source Code Compromise in the Wake of the CircleCI Incident
Don't Let Hardcoded Secrets Compromise Your Security: 4 Effective Remediation Techniques
Security Advisory: CircleCI Security Breach
Cycode Collaborates with CodeSee to Secure the Pipelines of Thousands of Open-Source Projects
Pipeline Composition Analysis: Expanding Visibility to Build Better Software Supply Chain Security
CI-Story: How We Found Critical Vulnerabilities in StoryBook Project
Doing More With Less: How to Improve AppSec Programs When Budgets Decrease
Shifting Security Left with the Cycode CLI
Lessons From OpenSSL’s 3.0.7 Security Patch (CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows)
The Scariest Things About SCA
Security Advisory: Critical OpenSSL Vulnerability
Security Advisory: Text4Shell Attack
Pipeline Composition Analysis: The Next-Generation of SCA
Security Advisory: IconBurst Attack
Multi-functional Threat Coverage: How Cycode handles latest Jenkins plugin vulnerabilities
A Strong Foundation of Governance Improves All SDLC Security Initiatives
All Roads Lead to Build Secrets – Or How Your Build System Could Expose The Production Environment
ISO 27001 Compliance
5 Reasons Why Achieving Compliance in the SDLC Is Challenging for AppSec Teams
TypoSquatting, RepoJacking, and Domain Takeover - The Story of the Recent Attacks
Security Advisory: CrateDepression
PCI DSS Compliance Requirements
Cycode Recognized as a Cool Vendor in Recent Gartner® Report
DevSecOps Tools: How Security Tools Improve DevOps Velocity
The Real Cost of a Source Code Leak
SOC 2 Type II Compliance
GitHub OAuth Compromise Affecting Heroku and Travis-CI Users
Lateral Movement and the Threat to Software Supply Chains
5 Steps to Protect Code Integrity in Software Pipelines
Software Supply Chain Security: Best Practices & Tools for 2024
Hardening Your SDLC in Response to Lapsus$ Breaches
How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
Your Software Supply Chain Is Your Weakest Security Link
FedRAMP Compliance for Cloud Service Providers
Using the Principle of Least Privilege for Maximum Security
Cycode Workflows: No-Code Automated Alerting & Remediation
How To Prevent AWS S3 Bucket Misconfigurations
Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think
Jenkins Security Best Practices
Implementing SLSA Source Requirements to Improve Software Supply Chain Security
NIST SSDF 1.1: A Brief Overview of the Final Version
Improve Application Security with Cycode's Knowledge Graph and Policies
Terraform Cloud Drift Detection with Cycode Integration
A Secrets Management Maturity Model
Cycode Integration with JFrog Pipelines and Artifactory
"Shadow Dev" and AppSec's Visibility Gap
Two Ways to Address the Log4J Vulnerability
Executive Order 14028: NIST SSDF Explained
NIST Cybersecurity Framework (NIST CSF)
AWS CloudFormation Security: 8 Best Practices
Google SLSA Cybersecurity Framework: Key Takeaways
Understanding the Trojan Source Attack and How to Defend Against It
7 Terraform Security Best Practices
Integrating Infrastructure as Code Security into Developer Workflows
Kubernetes Security Best Practices: 8 Tips to Secure K8s
8 Infrastructure as Code (IaC) Best Practices for Security
Why Developers are Hackers’ New Targets (and What to do About it)
Vendor vs. Developer: Codecov Lessons on AppSec Responsibility
Exploring the Chainjacking Attack
How to Setup Branch Protection Rules in Azure DevOps
The Codecov Breach - Development Infrastructure is the Weakest Link & it's Now Rapidly Being Exploited
ESLint: Compromising the Build using Supply Chain Attack
A Unique Supply Chain Attack: The 2020 Sawfish
Beyond SolarWinds: The "Octopus Scanner" Supply Chain Attack
Why Microsoft’s Latest SolarWinds Admission Can’t Be Ignored
Six AppSec Learnings from SolarWinds
OWASP SAMM Framework: What You Need to Know
Security Best Practices for Azure DevOps
How to Setup Branch Protection Rules
GitHub Permissions for Maximum Security
Keeping Your Secrets Safe
Are We Making It Too Easy To Leak Our Source Code?
The Bad Coding Habits That Leave Your Source Code Exposed
DMCA & Source Code Leaks: Modern Enterprises’ Biggest Concern
Life After A Source Code Leak
Security Best Practices for Gitlab
Security Best Practices for Bitbucket
Security Best Practices for Github
Tightening Cyber Security Policies In The Covid-19 WFH Era
You Should Care About Securing Your Source Code
Why Is Source Code So Hard To Protect?
Cycode Won The Cybertech Startup Challenge!