CI/CD Security

Introducing Nosey Parker Explorer
Introducing Nosey Parker Explorer: an interactive review tool for findings from Nosey Parker - the machine learning powered, multi-phase solution for locating secret exposure ...

Recursive Amplification Attacks: Botnet-as-a-Service
Introduction On a recent client engagement, we tested a startup’s up-and-coming SaaS data platform and discovered an alarming attack path. The specific feature names and technologies have been generalized to anonymize the ...

Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws
The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that ...

Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks
Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to ...

TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack
Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several ...

SCA and CI/CD: The Most Delicious Alphabet Soup
In the continuous integration (CI)/continuous delivery (CD) pipeline, one of the key ingredients to add to the pot is software composition analysis (SCA), an automated process that identifies the open source software ...

Danger: Researchers exploit gaps in connected vehicle software supply chain
Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns. A group of researchers probing the security of applications and infrastructure that supports connected vehicles ...

After hack, CircleCI tells devs to update secrets now
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers ...

8 CI/CD best practices: Secure your software development pipeline
Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure your software development pipeline is secure. As the adoption of continuous integration/continuous delivery (CI/CD) approaches ...

8 CI/CD security best practices: Protect your software pipeline
With CI/CD approaches to software development spreading ever more widely, the benefits are stacking up for many organizations. A recent study by the Continuous Delivery Foundation (CDF) shows that developers who use ...