
Archive for the ‘DevSecOps’ Category

GitLab Custom Roles: How to Control API Access and Webhooks without Over-Permissioning Users

GitLab custom roles help teams control access to code, settings, tokens, and webhook administration without promoting every advanced user to Maintainer or Owner. The key is understanding where custom roles help, where token scopes still matter, and how both shape access to data through the GitLab API and GitLab webhooks.

Securing Multi-Domain Operations: Introducing Mattermost Enterprise Advanced


The Future of Multi-Domain Secure Operations Mattermost has officially expanded its Intelligent Mission Environment with the launch of Mattermost Enterprise Advanced. This new product tier is specifically designed to meet the rigorous security and resilience requirements of multi-domain operations, joining the existing Mattermost Professional and Enterprise lines. Enterprise Advanced offers a comprehensive messaging and collaboration […]


How SonarQube Stops Supply Chain Attacks Like PyPI LiteLLM Malware in DevOps Pipelines

In the wake of the PyPI LiteLLM supply chain attack that backdoored packages to steal Kubernetes credentials, SonarQube emerges as a DevSecOps shield. Discover how Sonar scans dependencies, complete with GitHub Actions and GitLab CI/CD.

How JFrog Stops Supply Chain Attacks Like the PyPI LiteLLM Malware in DevOps Pipelines

In the wake of the PyPI LiteLLM supply chain attack that backdoored packages to steal Kubernetes credentials, JFrog emerges as a DevSecOps shield. Discover how Artifactory proxies dependencies, Curation blocks malicious packages, and Xray scans binaries, complete with GitLab CI/CD and Azure DevOps.

How GitLab Helps Prevent Supply Chain Attacks and Malware from Entering Development Environments

Using GitLab as your end‑to‑end DevOps platform helps you prevent supply‑chain attacks (like the recent PyPI litellm compromise) and block malware from entering your environment by enforcing controls directly in the CI/CD pipeline, dependency flow, and identity layer. Below is how that maps to your concrete threat model. Note: Implementing these practices requires a GitLab […]

How Socket Helps Prevent Supply Chain Attacks and Malware from Entering Development Environments

Socket.dev prevents supply chain attacks by scanning dependencies for malware signatures, obfuscated code, and suspicious behaviors like data exfiltration or unauthorized API calls in JS, Python, and Go packages. Integrated into GitHub, GitLab, and Jenkins CI/CD pipelines, it blocks threats at the PR stage without uploading source code, complementing tools like SonarQube in DevSecOps workflows.

Docker Democratizes Container Security: Hardened Images are Now Free

Docker announced that its catalog of “Hardened Images” is now free and open source. Here is a breakdown of what this means for users.

Secure Code Development (2026)

Our tools, services and solutions for secure code development, AppSec, and DevSecOps to protect your software at every SDLC stage.

An Updated Overview of Socket – A Modern Solution to Prevent Software Supply Chain Attacks


Here is an updated overview I prepared on Socket Security’s solution for preventing attacks on the software and application supply chain. Socket Security: An Overview Socket Security positions itself as a Supply Chain Security platform with a ‘Developer-first’ approach, directly targeting the problem of malicious and risky Open Source dependencies. With modern code often based on over 90% Open Source code […]


HashiCorp Vault Open Source VS Enterprise VS Vault Cloud

Comparison of HashiCorp Vault Enterprise vs. Open Source vs. Cloud, including technology, security, availability, user interface, pricing, etc.

We Represent and Support JFrog

We have been chosen to officially represent the solutions of JFrog, and we now offer licensing, support, integration with complementary tools, managed services and more.

Sonar Updates: 17th Anniversary, End-of-Year Discount, New Content & Updates

I am happy to provide updates on several topics regarding SonarQube: Celebrating 17 Years of Sonar. In an article marking 17 years since the founding of Sonar, founder Olivier Gaudin reviews the company’s evolution from a small open-source project in Geneva to a global standard currently serving over 7 million developers. Gaudin writes that in the AI era, code quality is more relevant than ever. While AI dramatically accelerates code writing, it creates a critical need for an independent verification layer…


Our DevSecOps and Code / App Security Offering

Here we summarize our current offering of DevSecOps and AppSec solutions, including SAST, SCA, DAST, code security and more.

We’re Celebrating 10 Years of Supporting GitLab

ALM-Toolbox celebrates 10 years of supporting GitLab, helping teams worldwide accelerate DevOps and DevSecOps success.

What is Docker Business?

Docker Business is one of the key subscription tiers of the Docker solution, and it adds more security layers on top of the basic Docker offering. A common question we get is “What are the special features available only in Docker Business?” So, we’ve put together a quick summary for you. Note: Want a fully detailed list of […]
