GitLab custom roles help teams control access to code, settings, tokens, and webhook administration without promoting every advanced user to Maintainer or Owner. The key is understanding where custom roles help, where token scopes still matter, and how both shape access to data through the GitLab API and GitLab webhooks.
Archive for the ‘App Sec’ Category
How Socket Helps Prevent Supply Chain Attacks and Malware from Entering Development Environments
Socket.dev prevents supply chain attacks by scanning dependencies for malware signatures, obfuscated code, and suspicious behaviors like data exfiltration or unauthorized API calls in JS, Python, and Go packages. Integrated into GitHub, GitLab, and Jenkins CI/CD pipelines, it blocks threats at the PR stage without uploading source code, complementing tools like SonarQube in DevSecOps workflows.
Secure Code Development (2026)
Our tools, services and solutions for secure code development, AppSec, and DevSecOps to protect your software at every SDLC stage.
An Updated Overview of Socket – A Modern Solution to Prevent Software Supply Chain Attacks
Here is an updated overview I prepared on Socket Security’s solution for preventing attacks on the software and application supply chain. Socket Security: An Overview Socket Security positions itself as a Supply Chain Security platform with a ‘Developer-first’ approach, directly targeting the problem of malicious and risky Open Source dependencies. With modern code often based on over 90% Open Source code […]