Paul Jones, in Synechron: Securing your Software Supply Chain with in-toto. Introducing the Supply Chain. Nov 19, 2021
Vinayak Pandey: Python Script To Get GitLab User Report. Step 1: Create a Personal Access Token with api access. This token can be used to perform read/write operations. Jul 8
Robert Diers: Improving GitLab review process. We were missing two essential features in the GitLab review process. Nov 22
Rémi Rey: SLSA, it's all about provenance attestation. What do I have to do to actually implement SLSA? Is it another hundred tasks listed in a document? Oct 14
Omer Gil, in Cider Security: PPE (Poisoned Pipeline Execution). Running malicious code in your CI, without access to your CI. Feb 8, 2022
Anshumaan Singh: Securing Your GitHub Organization: Advanced Best Practices for Code Protection and Workflow… GitHub is one of the most popular version control and collaboration platforms, used by developers and organizations around the world to… Nov 17
Make Computer Science Great Again: The Difference Between Symmetric and Asymmetric Encryption. In today's digital world, ensuring the security and privacy of information is more crucial than ever. Encryption is a fundamental… Aug 14
Harshit Gupta, in devsecops-community: How to Integrate Security into Your DevOps Pipeline (DevSecOps). In today's fast-paced digital environment, security can no longer be an afterthought in software development. With the rise of DevOps… Nov 4
Gaurav Tiwari: Policy as Code: The Recipe for a Secure Cloud. Imagine this: you're a chef in a bustling restaurant. Orders are flying in, and you need to make sure every dish goes out perfectly… Nov 19
Blogs4devs: DevSecOps: Part 1. In this blog, DevSecOps is discussed as an extension of DevOps, integrating security practices into the development and operations process… Aug 24
Gopesh Jangid: How to check vulnerabilities in NPM packages and prevent applications from security threats? As more and more applications rely on third-party packages, it's important to ensure that those packages don't contain any security… Apr 21, 2023
Spacelift, in Spacelift: Infrastructure as Code (IaC) and Policy as Code Scanning for Vulnerabilities. In this article, we'll examine IaC scanning and policy as code, providing practical examples of running IaC security scans to check for… Nov 19
Juan Carlos Lujan Duque, in Globant: A Step-by-Step Threat Modeling Challenge Approach. Questions and answers to guide you on how to apply a threat modeling challenge approach. May 2
Mesut Oezdil: On Out-of-band Application Security Testing (OAST). OAST detects hidden security vulnerabilities by analyzing external interactions of applications. It complements SAST and DAST, offering… Sep 23
Lasantha Sanjeewa Silva, in Towards AWS: Integrating Trivy and SonarQube with Jenkins Pipeline. In this project, I will create a full CI/CD pipeline using Jenkins, incorporating SonarQube for code quality analysis and Trivy for… Sep 17
Krzysztof Pranczk, in ITNEXT: A Practical Approach to SBOM in CI/CD Part II: Deploying Dependency-Track. The article presents how to store and analyse Software Bill of Materials with OWASP Dependency-Track to identify security vulnerabilities… Sep 26, 2023
Fred Blaise: Including risk acceptance in vulnerability management. Every business takes risks, just as engineers take risks every day to meet business demands. Risk is certainly not something to avoid at… Jan 21, 2021
Leandro B., in DevRoot: Deploying Dependency-Track as a Container in Azure and building a Pipeline with Azure DevOps. In this article I will be showing how to deploy OWASP Dependency-Track into an Azure Container and use it as an application. I will also… Aug 1, 2020