Securing your CI/CD: an OIDC Tutorial
The article highlights the significance of securing CI/CD systems and offers three best practices. It introduces OpenID Connect (OIDC) as a means to employ short-lived tokens for improved security.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
A New Version of Mend for Containers is Here
As modern software becomes increasingly cloud-based and containerized, application security tools must adapt to meet new challenges and provide security coverage across the software development lifecycle (SDLC). The use of container platforms like Docker and orchestration tools like Kubernetes inherently solves some security concerns – but containers are not without risk, and can even inject some new risks into your organization’s software.
Mend.io Launches New Version of Mend for Containers
New Features Protect Cloud-Native Applications from Vulnerabilities and License Risks Throughout Software Development Lifecycle.
The state of stateful applications on Kubernetes
Kubernetes has become one of the most popular platforms for running cloud-native applications. This popularity is due to several factors, including its ease of use and ability to handle stateless applications. However, running stateful applications, such as databases and storage systems, on Kubernetes clusters is still debatable. In other words, does Kubernetes and its containerized ecosystem provide a solid and reliable infrastructure to run such critical applications?
DevOps Speakeasy with Brett Smith
We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
DevOps Speakeasy with Tracy Ragan
This episode of DevOps Speakeasy features Tracy Ragan, CEO of DeployHub and CDF board member. Ragan joins us to discuss how to secure your DevOps pipeline with new security tools. There has been a security awakening among IT teams around the world. This awakening has resulted in the release of new open source tools that you can use today. From hardening the build process to gathering actionable supply chain intelligence. Her session will review the new generation of open source security tools to incorporate into your security strategy.
Mend.io Supply Chain Defender
Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.
Mend.io JIRA Security Dashboard Integration
Overview The Mend Jira Security Dashboard is a new option included in the Jira Cloud plugin that provides a centralized view of security issues and risks across all Jira projects, making it easier for you and your teams to prioritize and address security concerns. Use cases for the Jira Security Dashboard The Mend Jira Security Dashboard addresses the following scenarios: As an AppSec Manager, it is imperative to have real-time visibility into the overall security health of your development teams' applications within your issue-tracking tool, Jira.
The Role of Leadership in Successful DevSecOps Adoption
Customer Speakers: Woolworths | Pablo Reyes, AppSec Lead Shopback | Dipin Thomas, Engineering Manager Coinhako | Metarsit Leenayongwut, Engineering Manager Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
How to Restore Velero Backup Data Without Velero
Velero is the most popular tool for backing up and restoring Kubernetes cluster resources and persistent volumes. However, there may be situations where you need to restore Velero backup data without using Velero itself. For example, if Velero is not installed and configured correctly, or if more fine-grained restore control is required. In this post, we will explore how to do this when either Restic or Kopia was used by Velero to store the persistent volume (PV) data.