CI-CD
Case Study: How Lightspeed ensures full security compliance with Escape
Discover how Lightspeed, the unified point of sale and payments platform, maintains security compliance, and explore its API security challenges ...
The Secure Java Developer’s Toolkit
Java remains one of the most popular and widely-used programming languages. It’s not just about writing and running Java programs, though. A typical Java developer working in Linux has an entire ecosystem ...
Case Study: How Escape enhanced Shine’s application security
Discover how Shine, an online banking for professionals, enhanced API security. Explore their challenges and the transformative impact of Escape ...
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Software supply chain attacks have been increasing both in frequency and severity in recent months. In response to these attacks, the CISA has even released a cybersecurity information sheet (CSI) on how ...
Announcing Gato Version 1.5!
On January 21, 2023 at ShmooCon 2023, Praetorian open-sourced Gato (Github Attack Toolkit), a first of its kind tool that focuses on abusing offensive TTPs targeting self-hosted GitHub Actions Runners. Since then, ...
Phantom of the Pipeline: Abusing Self-Hosted CI/CD Runners
Introduction Throughout numerous Red Teams in 2022, a common theme of Source Control Supply Chain attacks in GitHub repositories has emerged. After many hours manually hunting for and exploiting these attack paths, ...
Debunking 5 Myths About Detection-as-Code
Would you let misconceptions keep you from adopting a tool that can help your security team do its best work? In my ten years of building security monitoring solutions, I learned that ...
8 CI/CD Metrics You Should Monitor
In a modern software development process, several steps are typically carried out to create a software system. These steps often build on each other, with each step providing the foundation for the ...
Introduction to Continuous Integration Observability
Continuous integration (CI) is a DevOps practice whereby code contributed by engineers is integrated into a project frequently and automatically. CI involves the use of a shared version control system (VCS), which ...
Why Microsegmentation is Critical for Securing CI/CD
Modern development environments are characterized by cloud-native technology, microservices architectures and DevOps or DevSecOps teams working in close coordination throughout the development life cycle. The continuous integration/continuous delivery (CI/CD) pipeline is the ...