Tag: CI/CD security
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain
When it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
The DevSecOps Career Path: What No One Tells You About Getting Started
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation; the next day, they're expected to understand ...
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?
Traditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...
Why CI/CD Pipelines Break Zero-Trust: A Hidden Risk in Enterprise Automation
This article highlights a critical blind spot in pipeline security: The gap between job identity and runtime trust. Here’s how organizations can finally close it. ...
Tips For Securing CI/CD Pipelines
Most development teams want to increase the pace of their software delivery. As such, continuous integration and delivery (CI/CD) has grown in importance, helping push code from build to production as seamlessly ...

