Hardik Nandar (0075h3ll.hashnode.dev), Sep 28, 2024
Using Gitlab for DevSecOps
DevSecOps is an established - and now being adopted - philosophy that aims to foster collaboration between Development, Security, and Operations teams in an Organization. Being an integral part of SDLC, security testing is something that has helped ...
Tags: Devops

Gift Ayodele (devgifttemitope.hashnode.dev), Sep 13, 2024
What is Blockchain?
Blockchain is a revolutionary technology that's changing how we think about transactions, security, and trust. It's the backbone behind cryptocurrencies like Bitcoin and Ethereum, but it's much more than just about digital money. To put it simply, bl...
Tags: Programming Fundamentals, BlockchainForBeginners

Kunal Verma for Kubesimplify (blog.kubesimplify.com), Jun 13, 2024
Supply Chain Security Using SLSA - Part 2 (The Framework)
In Part 1 of our ongoing Supply Chain Security series, we delved into the fundamental aspects of supply chain security and its growing importance. If you haven't yet checked out the first part, make sure to give it a read now! Now that we've establ...
Tags: Security

Panagiotis Vasilikos (securingbits.com), Apr 24, 2024
Cache Attacks on CI/CD Systems
A new type of attack affecting major CI/CD service providers. Attackers can exploit CI/CD cache mechanisms to inject malicious code or steal your secrets. This information is detailed in the paper by Gu, Ying, Chai, Pu, Duan and Gao "More Haste, Less...
Tags: Application Security

Panagiotis Vasilikos (securingbits.com), Apr 17, 2024
Open-Source Secret Scanning Tools
Implement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog - GitLeaks https://github.com/gitleaks/gitleaks - Semgrep https://github.com/semgrep/semgrep - Talism...
Tags: Open Source

GEANT TECH LLC for GEANT TECH LLC (geanttechnology-1694821411582.hashnode.dev), Nov 9, 2023
Trivy - The Container Image Scanner
Preamble: Trivy is an open source single binary application written in Go and designed to find vulnerabilities, misconfigurations, secrets, SBOMs (Software Bill of Materials) in Container Images and Virtual Machine Images. It is a versatile security ...
Tags: trivy

Panagiotis Vasilikos (securingbits.com), Oct 4, 2023
Malicious VSCode Extensions
Are malicious ☠️ VSCode extensions lurking in your workspace? Today's comic is inspired by the recent talk "Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws" by Ilay Goldman and Yakir Kadkoda from Aqua Security....
Tags: supplychainsecurity

Avishek Sarkar (aviii.hashnode.dev), Aug 15, 2023
Dependency Confusion Attack on NPM: An End-to-End POC
The inspiring source here gave me creative inspiration for this blog. Dependency Confusion was initially disclosed by Alex Birsan. Introduction to Dependency Confusion Attack: When building a web application or app, utilizing existing code and librari...
Tags: supplychainsecurity

Yankee Maharjan (yankee.dev), Jul 8, 2023
Securing Your Supply Chain: A Guide to Signing and Verifying Blobs
Signing artifacts should be a crucial part of our workflow. As a part of Supply Chain Security, we must ensure that the artifact built on our CI platform is the artifact we are deploying on our production environments. If by any means, we cannot veri...
Tags: Security

Fawale Queen (queenislamiat.hashnode.dev), Apr 21, 2023
Revolutionizing Software Security - Introducing Sigstore for Developers
One might have wondered at one point in their career how secure the software they are using is. It is not news that we live in an age where cyber-attacks are on the rise and for this reason, we should be more conscious and intentional about improving...
Tags: software development