Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SBOMs That Actually Matter

Apr 15, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

GitHub Token Recycing #github #tokenrecycling #tokens

Apr 15, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
mend

Best Software Composition Analysis (SCA) Tools: Top Solutions in 2026

Apr 14, 2026 By Tiffany Jennings In Mend
Software Composition Analysis (SCA) tools expose the risks in open source dependencies by identifying vulnerabilities, outdated dependencies, and license issues in your codebase. Top solutions include Mend.io (best for automated remediation and proactive SCA), Sonatype Lifecycle (known for enterprise policy management), Snyk (known for developer experience), and Checkmarx SCA (known for comprehensive coverage).
Read Post

Stop Drowning in Container CVE Alerts: Reachable Risk & Docker VEX with Mend.io

Apr 8, 2026 By Mend In Mend
Developers are often overwhelmed by thousands of container CVE alerts, most of which are unfixable base image noise. This walk-through covers how to use reachable risk factors and Docker VEX statements within the Mend.io platform to streamline your vulnerability management.
View Video
mend

Container Security Without Context Is Just More Noise

Apr 7, 2026 By Shannon Davis In Mend
Mend.io’s new Docker Hardened Images integration brings DHI intelligence directly into the AppSec workflow, giving a smarter, faster path to container security. Container scanning has a noise problem. Run a standard scan against any production image, and you’ll surface thousands of CVEs.
Read Post

Your AppSec Metrics Are Lying to You. Here's What Actually Matters

Apr 7, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video

The AI Compliance Gap No One's Talking About (ISO, NIST, EU AI Act)

Apr 2, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
mend

AI Application Security: 6 Focus Areas and Critical Best Practices

Apr 2, 2026 By Tiffany Jennings In Mend
AI application security protects AI-powered apps, including those powered by large language models ( LLMs), from unique threats like prompt injection, data poisoning, and model theft. It achieves this by securing the entire lifecycle, including code, data, algorithms, and APIs, using specialized tools and processes that go beyond traditional security measures. It involves securing the AI model’s behavior, training data, and outputs.
Read Post
mend

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

Mar 31, 2026 By Tom Abai In Mend
On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named plain-crypto-js which, in its 4.2.1 release, contained a fully-featured cross-platform dropper that silently installed a Remote Access Trojan (RAT) on developer machines.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.