Hardening SDLC

5 Steps to Protect Code Integrity in Software Pipelines

August 24, 2022April 12, 2022 by Jon Jarboe

Get 5 straightforward steps that any organization can take to harden their pipelines to keep attackers out.

Hardening Your SDLC in Response to Lapsus$ Breaches

August 24, 2022March 22, 2022 by Ronen Slavin

Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

August 24, 2022March 18, 2022 by Alex Ilgayev

Cycode discovered critical vulnerabilities in several popular open-source projects, each of which can cause a supply-chain attack through the CI process.

Cycode Workflows: No-Code Automated Alerting & Remediation

November 22, 2022March 3, 2022 by Tony Loehr

Cycode workflows allow users to automate security functions such as alerting, ticketing, and remediation that respond directly to triggered violations or vulnerabilities.

Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think

August 24, 2022February 28, 2022 by Julie Peterson

Software Supply Chain Security and SDLC Attack Vectors

When most organizations approach software supply chain security, too often they think only about securing the open source or third-party dependencies in their code.

Jenkins Security Best Practices

August 24, 2022February 28, 2022 by Alex Ilgayev

Jenkins is one of the most well-known tool for creating automation pipelines and integrating them with the rest of your CI/CD tools. It has an active community that has contributed thousands of plugins to extend Jenkins’ core functionality…

Implementing SLSA Source Requirements to Improve Software Supply Chain Security

November 22, 2022February 24, 2022 by Tony Loehr

SLSA source requirements help mitigate threats originating from source control management.

A Secrets Management Maturity Model

November 3, 2022January 14, 2022 by Jon Jarboe

Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.

Cycode Integration with JFrog Pipelines and Artifactory

November 22, 2022December 31, 2021 by Tony Loehr

JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.

NIST Cybersecurity Framework (NIST CSF)

November 22, 2022November 28, 2021 by Tony Loehr

The National Institute of Standards and Technology (NIST) first released its Cybersecurity Framework in 2014 in response to an Obama-era Executive Order mandating…