| What is Pipelineless Security? |
Nir Valtman |
Dec 05, 2022 |
922 |
2 |
| 5 critical lessons from the latest GitHub phishing campaign by Gitloker |
Nir Valtman |
Jun 17, 2024 |
1389 |
- |
| Trouble Keeping Track of Your Keys? So Does Toyota: Lessons Learned from a Key Management Breach |
Nir Valtman |
Oct 12, 2022 |
355 |
2 |
| Azure Permissions: Managing Granular Permissions in Azure Devops |
Eran Medan |
Jan 10, 2023 |
1645 |
- |
| Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix Them |
Simon Wenet |
Nov 20, 2023 |
1283 |
- |
| Four takeaways from the NSA's software supply chain security recommendations |
Mike Doyle |
Sep 10, 2022 |
963 |
2 |
| Trying to identify spoofing in GitHub? May the 4th be with you! |
Mark Maney |
May 03, 2023 |
1976 |
1 |
| How to Determine the Severity of a Third-Party Risk with Software Composition Analysis (SCA) |
Simon Wenet |
Sep 27, 2023 |
1501 |
- |
| The Criticality of Context for Addressing Software Supply Chain Risk |
Mark Maney |
Jun 19, 2023 |
1753 |
- |
| Should I Manage Code in a Single Organization or Multiple Organizations? |
Mark Maney |
Jun 27, 2023 |
1101 |
- |
| [April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast |
Nir Valtman |
Apr 01, 2024 |
274 |
- |
| Analyzing LastPass' Recent Security Incident Notification |
Mike Doyle |
Aug 26, 2022 |
785 |
1 |
| How to ensure your third-party software packages are reputable |
Mark Maney |
Aug 16, 2023 |
1909 |
- |
| Afraid of your source code leaking? I can tell by the Twitch in your eye…! |
Nir Valtman |
Jan 10, 2022 |
441 |
- |
| Best practices maintaining a secure development environment |
Mark Maney |
Jan 11, 2023 |
1961 |
- |
| How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development |
Doron Guttman |
Apr 17, 2023 |
1949 |
3 |
| Harnessing the Power of Secure Coding Practices for Effective CI/CD Security |
Nir Valtman |
Feb 13, 2023 |
1796 |
- |
| How Top Open Source Projects Protect Their Code: Insights and Best Practices |
Chris Abraham |
Feb 07, 2022 |
1237 |
7 |
| Defending Against Source Code Exfiltration, Fast and Slow |
Mike Doyle |
Apr 05, 2023 |
1272 |
- |
| How to ensure you don’t have Sourcegraph secrets in source code |
Nir Valtman |
Sep 04, 2023 |
630 |
3 |
| Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire Threat? |
Nir Valtman |
Mar 05, 2024 |
754 |
2 |
| GitGoat: An Open Source Project of Intentionally (Riskless) Misconfigured GitHub Organizations |
Nir Valtman |
Jun 27, 2022 |
307 |
8 |
| How to Evaluate a Static Application Security Testing (SAST) Solution |
Mark Maney |
Nov 13, 2023 |
1668 |
- |
| What to Consider Before Enforcing Multi-Factor Authentication (MFA) on GitHub |
Nir Valtman |
Oct 19, 2022 |
1324 |
- |
| Demystifying the Pl0x GitHub attack |
Mike Doyle |
Aug 17, 2022 |
1325 |
1 |
| Hacking Upstream: Finding a 0-Day in an OpenSSH Key Parser Library |
Mike Doyle |
Jul 06, 2022 |
2826 |
2 |
| How to prioritize third-party package (SCA) vulnerabilities |
Mark Maney |
Nov 28, 2023 |
1410 |
- |
| What Every Developer Needs to Know About GitHub Branch Protection |
Nir Valtman |
Mar 13, 2024 |
1430 |
1 |
| GitHub Hosted vs. Self-Hosted Runners: Which One Should You Choose? |
Eran Medan |
Nov 08, 2022 |
1426 |
1 |
| A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on GitHub |
Nir Valtman |
Oct 17, 2023 |
1301 |
- |
| GitHub CODEOWNERS: What Every Developer Should Know |
Nir Valtman |
Jul 23, 2022 |
1488 |
3 |
| Hardening Your Software Development Environment: A Beginner's Guide |
Eran Medan |
Sep 21, 2022 |
1464 |
3 |
| Security to-do lists slow you down, security tools need to fix the problems they find |
Mark Maney |
Dec 19, 2022 |
644 |
- |
| Why secrets continue to be a massive problem in source code |
Mark Maney |
May 30, 2023 |
1441 |
- |
| How insurance tech companies are leading the way on Application Security |
Simon Wenet |
May 03, 2023 |
970 |
- |
| What is an SBOM, what is it not, and do you need one? |
Mark Maney |
Mar 22, 2023 |
1649 |
- |
| Application Security vs. Software Supply Chain Security: What's the Difference? |
Mike Doyle |
Feb 27, 2022 |
1688 |
3 |
| Protecting Stale Code Repositories on GitHub: Essential Security Measures |
Eran Medan |
Jul 18, 2022 |
1014 |
5 |
| SBOM For Your Software Supply Chain: Added Visibility or Security Risk? |
Mark Maney |
Sep 19, 2023 |
1176 |
- |
| The Essential Guide to SCA and SAST |
Simon Wenet |
Feb 08, 2024 |
505 |
- |
| CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security |
Nir Valtman |
Nov 27, 2023 |
1881 |
- |
| Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization |
Simon Wenet |
Feb 20, 2024 |
1040 |
- |
| How to Detect & Prevent Source Code Exfiltration |
Simon Wenet |
Jul 05, 2023 |
1414 |
- |
| Leveraging Developer Security Skills to Fortify your Security Team |
Eran Medan |
Dec 14, 2022 |
498 |
- |
| The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach |
Eran Medan |
Mar 28, 2023 |
628 |
1 |
| How to prioritize your backlog of hardcoded secrets |
Nir Valtman |
Jul 18, 2023 |
1884 |
- |
| Tracing the Impact of a Clothing Retailer's Software Supply Chain Breach on Your Production Environment |
Mike Doyle |
May 25, 2022 |
467 |
5 |
| How to Survive a State Actor's Attempt to Put a Backdoor in Your Code |
Mark Maney |
Mar 07, 2022 |
598 |
20 |
| What Developers Can Learn from Taylor Swift's Re-recording Strategy |
Nicholas Rodine |
Jun 12, 2023 |
1107 |
2 |
| Adopting Pipelineless Security Solutions for Modern AppSec Programs |
Simon Wenet |
Apr 10, 2023 |
1465 |
- |
| Github OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps Supply Chain Attacks |
Nir Valtman |
Apr 11, 2022 |
460 |
9 |
| Hacking Hacker News: Lessons Learned from a Security Researcher Wearing A Growth Hat |
Nir Valtman |
Jan 02, 2022 |
886 |
2 |
| Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning |
Nir Valtman |
Jan 23, 2024 |
1972 |
- |
| Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development |
Nir Valtman |
Jun 12, 2024 |
2043 |
- |
| The Importance of Free Secret Detection, Even for Private Repositories |
Nir Valtman |
May 11, 2022 |
295 |
19 |
| Why Secret Scanning Visibility Should Be Free & Understanding Where There is Value |
Mike Doyle |
Jul 11, 2023 |
1420 |
- |
| Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks |
Nir Valtman |
Feb 13, 2024 |
555 |
- |
| New York Times Data Breach Reveals Secrets & Source Code |
Simon Wenet |
Jul 10, 2024 |
832 |
- |
| Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets Security |
Simon Wenet |
Jun 28, 2024 |
853 |
- |
| Building an AppSec Program, Powered by Pipelineless Security |
Nir Valtman |
Aug 20, 2024 |
2644 |
- |
| Time for an Honest Talk About Third-Party Risk Management and Software Composition Analysis (SCA) |
Mark Maney |
Sep 10, 2024 |
903 |
- |
| Optimizing Code Security: Advanced Strategies in SAST Scanning |
Simon Wenet |
Sep 17, 2024 |
2199 |
- |
| Implementing SAST Security Policies: Effective Strategies for Application Protection |
Eitam Arad |
Oct 10, 2024 |
2083 |
- |
| State of Developer Time Loss 2024: How Arnica’s Pipelineless Security Can Help |
Eitam Arad |
Nov 05, 2024 |
1748 |
- |
| Best Practices for SCA Scanning in Agile Development |
Eitam Arad |
Nov 14, 2024 |
2326 |
- |
| How Arnica's Low-Reputation Package Detection Could Have Prevented the XML-RPC npm Package Breach |
Eran Medan |
Dec 02, 2024 |
869 |
- |
| SAST vs. DAST: A Comparative Analysis |
Simon Wenet |
Jan 07, 2025 |
1158 |
- |
| Launching Opengrep in response to Semgrep's Open Source Licensing Change |
Eran Medan |
Jan 23, 2025 |
563 |
- |