CI/CD Security
Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws
The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that ...
Security Boulevard
Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks
Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to ...
Security Boulevard
SCA and CI/CD: The Most Delicious Alphabet Soup
rezilion | CI/CD Security, SBOM, SCA, sdlc, software bill of materials, Software Composition Analysis, Uncategorized
In the continuous integration (CI)/continuous delivery (CD) pipeline, one of the key ingredients to add to the pot is software composition analysis (SCA), an automated process that identifies the open source software ...
Danger: Researchers exploit gaps in connected vehicle software supply chain
Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns. A group of researchers probing the security of applications and infrastructure that supports connected vehicles ...
After hack, CircleCI tells devs to update secrets now
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers ...
8 CI/CD best practices: Secure your software development pipeline
Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure your software development pipeline is secure. As the adoption of continuous integration/continuous delivery (CI/CD) approaches ...
8 CI/CD security best practices: Protect your software pipeline
With CI/CD approaches to software development spreading ever more widely, the benefits are stacking up for many organizations. A recent study by the Continuous Delivery Foundation (CDF) shows that developers who use ...
GitLab Releases Bevy of Security and Compliance Enhancements
If any good came out of the Log4j vulnerability and SolarWinds attacks, it was the fact that they dramatically increased awareness of software supply chain security. Software supply chain security is only ...
Security Boulevard
The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security
Here's what you need to know about the state of CI/CD tools — and why you need to upgrade your tools and approach to deliver secure software at speed ...