Understanding the Trojan Source Attack and How to Defend Against It
There’s little doubt that 2021 has been the year of the software supply chain attack, with many notable breaches that include SolarWinds…
Terraform, developed by HashiCorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…
Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…
Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.
DevOps has been around for more than a decade…
Branch protection rules are a crucial part of securing source control management systems. Branch protection rules enable administrators…
As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences…
The last decade of application development experienced a staggering amount of innovation. Technologies like containers, Kubernetes…
The SolarWinds breach underscores the importance of verifying the integrity of each phase of the development to prevent code…