Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

sumologic

Secure your CI/CD pipelines from supply chain attacks with Sumo Logic's Cloud SIEM rules

Mar 20, 2025 By Dan Kaiser In Sumo Logic
Supply chain attacks, particularly those targeting continuous integration/continuous delivery (CI/CD) pipelines, are on the rise. It’s easy to think of these attacks as something that only happens to others, but the reality is that your organization is part of the supply chain too. Whether your company develops software for internal use, offers it as part of a service to your customers, or sells it as a product, you’re exposed.
Read Post

Yonit Gruber-Hazani: Securing the Pipeline: Remediating CI/CD Vulnerabilities with SLSA | DevSecNext

Mar 19, 2025 By Jit In Jit
Software supply chain attacks are on the rise, exploiting gaps in CI/CD pipelines to introduce malicious code. In this talk, Yonit Gruber-Hazani dives deep into common CI/CD vulnerabilities and how to mitigate them using the SLSA (Supply-chain Levels for Software Artifacts) framework. This talk was recorded at DevSecNext, a community-driven event reimagining how we share security insights—short, to the point, and packed with actionable takeaways.
View Video
securitysenses

Application Packaging Services vs. In-House Packaging: What's Right for You?

Mar 17, 2025 By SecuritySenses In SecuritySenses
Should you perform in-house packaging or use application packaging services? Obviously, both options have their pros and cons. It always comes down to your requirements, expectations, but also deadlines and other factors. In many cases, app packaging services tend to be quicker, however there are still many companies that go for in-house packaging because they already have that system in place and set up correctly.
Read Post
securitysenses

Testing Authorization Policies in CI/CD Environments: Best Practices

Feb 14, 2025 By SecuritySenses In SecuritySenses
When you're nearing bringing a new update to production, you may rather not want to realize that everyone and anyone has complete open access to sensitive data, just before you're about to deliver the update. Misconfiguring or properly not configuring an authorization policy could lead to a scenario just like that. Things move fast in the CI/CD environment, with code changes and constant deployments, so it's not hard to see how a security mistake can slip under the radar. But when it does, you can expect security breaches, regulatory violations, and huge losses, are swiftly follow. And you definitely want to prevent those.
Read Post
Spectral

Secure Your CI/CD Pipelines: 7 Best Practices You Can't Ignore

Feb 12, 2025 By Eyal Katz In Spectral
What’s the difference between an unsupervised toddler with markers and an unsecured CI/CD pipeline? Both look fine at first, but chaos is inevitable. While a toddler might scribble on walls, an unsecured pipeline invites attackers to wreak havoc on your digital assets. Cleaning up after either is tough—prevention is smarter. The CrowdStrike 2024 report reveals that cloud-conscious intrusions skyrocketed by 110% in 2023.
Read Post
sysdig

How to secure every stage of the CI/CD pipeline with Sysdig

Dec 12, 2024 By Marla Rosner In Sysdig
Securing operations in the cloud can seem daunting. To protect your organization, you need to have the proper preventative and reactive safeguards in place at every step of the software development cycle. But it doesn’t have to be as complex as it sounds. This blog outlines how to secure the entire software development lifecycle, emphasizing the “shift left” approach, which aims to catch vulnerabilities and issues early in the development process to reduce both risks and costs.
Read Post
Spectral

GitHub actions vs. Jenkins for CI/CD Pipelines

Dec 4, 2024 By Eyal Katz In Spectral
There’s an age-old saying you can tell an engineer’s age by their preferred CI/CD (continuous integration and continuous delivery) tool. Depending on who you talk to, the battle-tested Jenkins remains their weapon of choice, while GitHub Actions is the new kid on the block turning heads. However, here’s something that might surprise you – about half of all developers spend less than 20 hours per week on actual software development tasks.
Read Post
foresiet

Cisco's CI/CD Pipeline Weaknesses:Hard-Coded Credentials & Misconfigurations Revealed

Oct 16, 2024 By Foresiet In Foresiet
In recent weeks, reports have surfaced regarding a significant breach involving Cisco, exposing sensitive data from various organizations. This blog post delves into the details of the breach, the compromised data, the implicated companies, and the methods used by attackers to gain access to such critical information.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.