Abhiramcloudbuddy.hashnode.dev·Oct 29, 2024Supply Chain Attacks: Securing Your Software from Third-Party CodeIn today's interconnected world, software applications increasingly rely on third-party components. While these components can accelerate development and provide valuable functionality, they also introduce new security risks. Supply chain attacks, wh...Discusssupplychainsecurity
Hardik Nandar0075h3ll.hashnode.dev·Sep 28, 2024Using Gitlab for DevSecOpsDevSecOps is an established - and now being adopted - philosophy that aims to foster collaboration between Developement, Security, and Operations teams in an Organization. Being an integral part of SDLC, security testing is something that has helped ...Discuss·128 readsDevops
Gift Ayodeledevgifttemitope.hashnode.dev·Sep 13, 2024What is Blockchain?Blockchain is a revolutionary technology that’s changing how we think about transactions, security, and trust. It’s the backbone behind cryptocurrencies like Bitcoin and Ethereum, but it’s much more than just about digital money. To put it simply, bl...DiscussProgramming FundamentalsBlockchainForBeginners
Kunal VermaforKubesimplifyblog.kubesimplify.com·Jun 13, 2024Supply Chain Security Using SLSA - Part 2 (The Framework)In Part 1 of our ongoing Supply Chain Security series, we delved into the fundamental aspects of supply chain security and its growing importance. If you haven’t yet checked out the first part, make sure to give it a read now! Now that we've establ...Discuss·11 likes·179 readsSecurity
Panagiotis Vasilikossecuringbits.com·Apr 24, 2024Cache Attacks on CI/CD SystemsA new type of attack affecting major CI/CD service providers. Attackers can exploit CI/CD cache mechanisms to inject malicious code or steal your secrets. This information is detailed in the paper by Gu, Ying, Chai, Pu, Duan and Gao "More Haste, Less...DiscussApplication Security
Panagiotis Vasilikossecuringbits.com·Apr 17, 2024Open-Source Secret Scanning ToolsImplement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog - GitLeaks https://github.com/gitleaks/gitleaks - Semgrep https://github.com/semgrep/semgrep - Talism...Discuss·33 readsOpen Source
GEANT TECH LLCforGEANT TECH LLCgeanttechnology-1694821411582.hashnode.dev·Nov 9, 2023Trivy - The Container Image ScannerPreamble: Trivy is an open source single binary application written in Go and designed to find vulnerabilities, misconfigurations, secrets, SBOMs (Software Bill of Materials) in Container Images and Virtual Machine Images. It is a versatile security ...Discuss·82 readstrivy
Panagiotis Vasilikossecuringbits.com·Oct 4, 2023Malicious VSCode ExtensionsAre malicious☠️VSCode extensions lurking in your workspace? Today's comic is inspired by the recent talk "Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws" by Ilay Goldman and Yakir Kadkoda from Aqua Security....Discusssupplychainsecurity
Avishek Sarkaraviii.hashnode.dev·Aug 15, 2023Dependency Confusion Attack on NPM: An End-to-End POCThe inspiring source here gave me creative inspiration for this blog. Dependency Confusion was initially disclosed by Alex Birsan. Introduction to Dependency Confusion Attack When building a web application or app, utilizing existing code and librari...Discuss·549 readssupplychainsecurity
Yankee Maharjanyankee.dev·Jul 8, 2023Securing Your Supply Chain: A Guide to Signing and Verifying BlobsSigning artifacts should be a crucial part of our workflow. As a part of Supply Chain Security, we must ensure that the artifact built on our CI platform is the artifact we are deploying on our production environments. If by any means, we cannot veri...Discuss·626 readsSecurity