Hardening SDLC

5 Steps to Protect Code Integrity in Software Pipelines

May 31, 2022April 12, 2022 by Jon Jarboe

Get 5 straightforward steps that any organization can take to harden their pipelines to keep attackers out.

Hardening Your SDLC in Response to Lapsus$ Breaches

May 31, 2022March 22, 2022 by Ronen Slavin

Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

July 8, 2022March 18, 2022 by Alex Ilgayev

Cycode discovered critical vulnerabilities in several popular open-source projects, each of which can cause a supply-chain attack through the CI process.

Cycode Workflows: No-Code Automated Alerting & Remediation

June 8, 2022March 3, 2022 by Tony Loehr

Cycode workflows allow users to automate security functions such as alerting, ticketing, and remediation that respond directly to triggered violations or vulnerabilities.

Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think

August 2, 2022February 28, 2022 by Julie Peterson

Software Supply Chain Security and SDLC Attack Vectors

When most organizations approach software supply chain security, too often they think only about securing the open source or third-party dependencies in their code.

Jenkins Security Best Practices

July 8, 2022February 28, 2022 by Alex Ilgayev

Jenkins is one of the most well-known tool for creating automation pipelines and integrating them with the rest of your CI/CD tools. It has an active community that has contributed thousands of plugins to extend Jenkins’ core functionality…

Implementing SLSA Source Requirements to Improve Software Supply Chain Security

June 27, 2022February 24, 2022 by Tony Loehr

SLSA source requirements help mitigate threats originating from source control management.

A Secrets Management Maturity Model

March 15, 2022January 14, 2022 by Jon Jarboe

Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.

Cycode Integration with JFrog Pipelines and Artifactory

May 31, 2022December 31, 2021 by Tony Loehr

JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.

Why Security Teams Consistently Fail to Implement Effective Security Controls Across the SDLC

June 8, 2022May 26, 2022 by Gil Ben-Horin

DevOps has been around for more than a decade…