DevSecOps

A collection of 23 posts

4 Reasons MSPs Should Monitor Their GitHub Footprint

4 Reasons MSPs Should Monitor Their GitHub Footprint

In recent years, resorting to MSPs has become very popular for companies wanting to accelerate the digitization of their businesses. With this surge in popularity, MSPs now face the question: how to ensure we can meet our cybersecurity responsibilities?

DevSecOps and the AppSec Shared Responsibility Model

DevSecOps and the AppSec Shared Responsibility Model

In their latest white paper, GitGuardian examines why implementing DevSecOps at scale to protect the modern software factory means evolving traditional AppSec. Read more to learn how the shared responsibility model adoption will unlock security in an agile world.

CI Pipelines: 5 Risks to Assess

CI Pipelines: 5 Risks to Assess

More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.

Hunting for secrets in Docker Hub: what we’ve found

Hunting for secrets in Docker Hub: what we’ve found

In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.

Shift your CI to GitHub Actions

Shift your CI to GitHub Actions

Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.

Why SAST + DAST can't be enough

Why SAST + DAST can't be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

NIST's recommendations for secure DevSecOps

NIST's recommendations for secure DevSecOps

Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.

Initial Access Techniques - MITRE ATT&CK

Initial Access Techniques - MITRE ATT&CK

This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.

Shift Left - Moving security to the development phase - the case of secrets detection in code repositories

Shift Left - Moving security to the development phase - the case of secrets detection in code repositories

With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.

DevSecOps Glossary

DevSecOps Glossary

A helpful glossary of common terms and definitions used in DevSecOps explained with amusing comics.

Git hooks - pre-commit, post-commit, post-receive

Git hooks - pre-commit, post-commit, post-receive

Automated secrets detection in your software development lifecycleDevelop fast, and secure things! Git hooks are extremely useful in the journey to replace as much of the human factor in the process of secure development as possible. In this blog post, I will take the

arrow-down