5 critical lessons from the latest GitHub phishing campaign by Gitloker | Nir Valtman | Jun 17, 2024 | 1389 | -
Azure Permissions: Managing Granular Permissions in Azure Devops | Eran Medan | Jan 10, 2023 | 1645 | -
Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix Them | Simon Wenet | Nov 20, 2023 | 1283 | -
Trying to identify spoofing in GitHub? May the 4th be with you! | Mark Maney | May 03, 2023 | 1976 | 1
How to Determine the Severity of a Third-Party Risk with Software Composition Analysis (SCA) | Simon Wenet | Sep 27, 2023 | 1501 | -
The Criticality of Context for Addressing Software Supply Chain Risk | Mark Maney | Jun 19, 2023 | 1753 | -
Should I Manage Code in a Single Organization or Multiple Organizations? | Mark Maney | Jun 27, 2023 | 1101 | -
[April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast | Nir Valtman | Apr 01, 2024 | 274 | -
How to ensure your third-party software packages are reputable | Mark Maney | Aug 16, 2023 | 1909 | -
Best practices maintaining a secure development environment | Mark Maney | Jan 11, 2023 | 1961 | -
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development | Doron Guttman | Apr 17, 2023 | 1949 | 3
Harnessing the Power of Secure Coding Practices for Effective CI/CD Security | Nir Valtman | Feb 13, 2023 | 1796 | -
Defending Against Source Code Exfiltration, Fast and Slow | Mike Doyle | Apr 05, 2023 | 1272 | -
How to ensure you don’t have Sourcegraph secrets in source code | Nir Valtman | Sep 04, 2023 | 630 | 3
Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire Threat? | Nir Valtman | Mar 05, 2024 | 754 | 2
How to Evaluate a Static Application Security Testing (SAST) Solution | Mark Maney | Nov 13, 2023 | 1668 | -
How to prioritize third-party package (SCA) vulnerabilities | Mark Maney | Nov 28, 2023 | 1410 | -
What Every Developer Needs to Know About GitHub Branch Protection | Nir Valtman | Mar 13, 2024 | 1430 | 1
A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on GitHub | Nir Valtman | Oct 17, 2023 | 1301 | -
Why secrets continue to be a massive problem in source code | Mark Maney | May 30, 2023 | 1441 | -
How insurance tech companies are leading the way on Application Security | Simon Wenet | May 03, 2023 | 970 | -
What is an SBOM, what is it not, and do you need one? | Mark Maney | Mar 22, 2023 | 1649 | -
SBOM For Your Software Supply Chain: Added Visibility or Security Risk? | Mark Maney | Sep 19, 2023 | 1176 | -
The Essential Guide to SCA and SAST | Simon Wenet | Feb 08, 2024 | 505 | -
CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security | Nir Valtman | Nov 27, 2023 | 1881 | -
Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization | Simon Wenet | Feb 20, 2024 | 1040 | -
How to Detect & Prevent Source Code Exfiltration | Simon Wenet | Jul 05, 2023 | 1414 | -
The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach | Eran Medan | Mar 28, 2023 | 628 | 1
How to prioritize your backlog of hardcoded secrets | Nir Valtman | Jul 18, 2023 | 1884 | -
What Developers Can Learn from Taylor Swift's Re-recording Strategy | Nicholas Rodine | Jun 12, 2023 | 1107 | 2
Adopting Pipelineless Security Solutions for Modern AppSec Programs | Simon Wenet | Apr 10, 2023 | 1465 | -
Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning | Nir Valtman | Jan 23, 2024 | 1972 | -
Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development | Nir Valtman | Jun 12, 2024 | 2043 | -
Why Secret Scanning Visibility Should Be Free & Understanding Where There is Value | Mike Doyle | Jul 11, 2023 | 1420 | -
Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks | Nir Valtman | Feb 13, 2024 | 555 | -
New York Times Data Breach Reveals Secrets & Source Code | Simon Wenet | Jul 10, 2024 | 832 | -
Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets Security | Simon Wenet | Jun 28, 2024 | 853 | -
Building an AppSec Program, Powered by Pipelineless Security | Nir Valtman | Aug 20, 2024 | 2644 | -
Time for an Honest Talk About Third-Party Risk Management and Software Composition Analysis (SCA) | Mark Maney | Sep 10, 2024 | 903 | -
Optimizing Code Security: Advanced Strategies in SAST Scanning | Simon Wenet | Sep 17, 2024 | 2199 | -
Implementing SAST Security Policies: Effective Strategies for Application Protection | Eitam Arad | Oct 10, 2024 | 2083 | -
State of Developer Time Loss 2024: How Arnica’s Pipelineless Security Can Help | Eitam Arad | Nov 05, 2024 | 1748 | -
Best Practices for SCA Scanning in Agile Development | Eitam Arad | Nov 14, 2024 | 2326 | -
How Arnica's Low-Reputation Package Detection Could Have Prevented the XML-RPC npm Package Breach | Eran Medan | Dec 02, 2024 | 869 | -
SAST vs. DAST: A Comparative Analysis | Simon Wenet | Jan 07, 2025 | 1158 | -
Launching Opengrep in response to Semgrep's Open Source Licensing Change | Eran Medan | Jan 23, 2025 | 563 | -
Evaluating SCA Tools for Addressing Open Source Vulnerabilities | Anna Daugherty | Feb 13, 2025 | 2520 | -
Prioritizing AppSec Vulnerabilities: Developer Context vs. Full Reachability | Nir Valtman | Feb 11, 2025 | 524 | -
Direct vs. Transitive Dependencies: Navigating Package Management in Software Composition Analysis (SCA) | Anna Daugherty | Feb 25, 2025 | 2908 | -
GitHub Actions Supply Chain Attack: What Arnica Customers Need to Know | Eran Medan | Mar 17, 2025 | 677 | -