"Should You Sign Git Commits?" by Dan Lorenc (Jul 4, 2021). Maybe, but probably for a different reason than you think
"How to install GnuPG on macOS" by Simon Connah (Aug 4, 2023). This article explains how to install GnuPG and GPG Suite on macOS.
"Securing your Software Supply Chain with in-toto" by Paul Jones, in Synechron (Nov 19, 2021). Introducing the Supply Chain
"Python Script To Get GitLab User Report" by Vinayak Pandey (Jul 8, 2024). Step 1: Create a Personal Access Token with api access. This token can be used to perform read/write operation
"Improving Gitlab review process" by Robert Diers (Nov 22, 2024). We were missing two essential features in the Gitlab review process:
"SLSA, it’s all about provenance attestation" by Rémi Rey (Oct 14, 2024). What do I have to do to actually implement SLSA? Is it another hundreds of tasks listed in a document?
"PPE — Poisoned Pipeline Execution" by Omer Gil, in Cider Security (Feb 8, 2022). Running malicious code in your CI, without access to your CI
"Securing Your GitHub Organization: Advanced Best Practices for Code Protection and Workflow…" by Anshumaan Singh (Nov 17, 2024). GitHub is one of the most popular version control and collaboration platforms, used by developers and organizations around the world to…
"The Difference Between Symmetric and Asymmetric Encryption" by Make Computer Science Great Again (Aug 14, 2024). In today’s digital world, ensuring the security and privacy of information is more crucial than ever. Encryption is a fundamental…
"How to Integrate Security into Your DevOps Pipeline (DevSecOps)🛡️" by Harshit Gupta, in devsecops-community (Nov 4, 2024). In today’s fast-paced digital environment, security can no longer be an afterthought in software development. With the rise of DevOps…
"Policy as Code: The Recipe for a Secure Cloud" by Gaurav Tiwari (Nov 19, 2024). Imagine this: you’re a chef in a bustling restaurant. Orders are flying in, and you need to make sure every dish goes out perfectly…
"DevSecOps: Part 1" by Blogs4devs (Aug 24, 2024). In this blog, DevSecOps is discussed as an extension of DevOps, integrating security practices into the development and operations process…
"How to check vulnerabilities in NPM packages and prevent application from security threats?" by Gopesh Jangid (Apr 21, 2023). As more and more applications rely on third-party packages, it’s important to ensure that those packages don’t contain any security…
"Infrastructure as Code (IaC) and Policy as Code Scanning for Vulnerabilities" by Spacelift, in Spacelift (Nov 19, 2024). In this article, we’ll examine IaC scanning and policy as code, providing practical examples of running IaC security scans to check for…
"A Step-by-Step threat modeling challenge approach" by Juan Carlos Lujan Duque, in Globant (May 2, 2024). Questions and answers to guide you on how to apply a threat modeling challenge approach.
"On Out-of-band Application Security Testing (OAST)" by Mesut Oezdil (Sep 23, 2024). OAST detects hidden security vulnerabilities by analyzing external interactions of applications. It complements SAST and DAST, offering…
"Integrating Trivy and SonarQube with Jenkins Pipeline" by Lasantha Sanjeewa, in Towards AWS (Sep 17, 2024). In this project, I will create a full CI/CD pipeline using Jenkins, incorporating SonarQube for code quality analysis and Trivy for…
"A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track" by Krzysztof Pranczk, in ITNEXT (Sep 26, 2023). The article presents how to store and analyse Software Bill of Materials with OWASP Dependency-Track to identify security vulnerabilities…