| What is Pipelineless Security? |
Nir Valtman |
Dec. 05, 2022 |
922 |
- |
| 5 critical lessons from the latest GitHub phishing campaign by Gitloker |
Nir Valtman |
Jun. 17, 2024 |
1389 |
- |
| Trouble Keeping Track of Your Keys? So Does Toyota: Lessons Learned from a Key Management Breach |
Nir Valtman |
Oct. 12, 2022 |
355 |
- |
| Azure Permissions: Managing Granular Permissions in Azure Devops |
Eran Medan |
Jan. 10, 2023 |
1645 |
- |
| Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix Them |
Simon Wenet |
Nov. 20, 2023 |
1283 |
- |
| Four takeaways from the NSA's software supply chain security recommendations |
Mike Doyle |
Sep. 10, 2022 |
963 |
- |
| Trying to identify spoofing in GitHub? May the 4th be with you! |
Mark Maney |
May. 03, 2023 |
1976 |
- |
| How to Determine the Severity of a Third-Party Risk with Software Composition Analysis (SCA) |
Simon Wenet |
Sep. 27, 2023 |
1501 |
- |
| The Criticality of Context for Addressing Software Supply Chain Risk |
Mark Maney |
Jun. 19, 2023 |
1753 |
- |
| Should I Manage Code in a Single Organization or Multiple Organizations? |
Mark Maney |
Jun. 27, 2023 |
1101 |
- |
| [April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast |
Nir Valtman |
Apr. 01, 2024 |
274 |
- |
| Analyzing LastPass' Recent Security Incident Notification |
Mike Doyle |
Aug. 26, 2022 |
785 |
- |
| How to ensure your third-party software packages are reputable |
Mark Maney |
Aug. 16, 2023 |
1909 |
- |
| Afraid of your source code leaking? I can tell by the Twitch in your eye…! |
Nir Valtman |
Jan. 10, 2022 |
441 |
- |
| Best practices maintaining a secure development environment |
Mark Maney |
Jan. 11, 2023 |
1961 |
- |
| How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development |
Doron Guttman |
Apr. 17, 2023 |
1949 |
- |
| Harnessing the Power of Secure Coding Practices for Effective CI/CD Security |
Nir Valtman |
Feb. 13, 2023 |
1796 |
- |
| How Top Open Source Projects Protect Their Code: Insights and Best Practices |
Chris Abraham |
Feb. 07, 2022 |
1237 |
- |
| Defending Against Source Code Exfiltration, Fast and Slow |
Mike Doyle |
Apr. 05, 2023 |
1272 |
- |
| How to ensure you don’t have Sourcegraph secrets in source code |
Nir Valtman |
Sep. 04, 2023 |
630 |
- |
| Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire Threat? |
Nir Valtman |
Mar. 05, 2024 |
754 |
- |
| GitGoat: An Open Source Project of Intentionally (Riskless) Misconfigured GitHub Organizations |
Nir Valtman |
Jun. 27, 2022 |
307 |
- |
| How to Evaluate a Static Application Security Testing (SAST) Solution |
Mark Maney |
Nov. 13, 2023 |
1668 |
- |
| What to Consider Before Enforcing Multi-Factor Authentication (MFA) on GitHub |
Nir Valtman |
Oct. 19, 2022 |
1324 |
- |
| Demystifying the Pl0x GitHub attack |
Mike Doyle |
Aug. 17, 2022 |
1325 |
- |
| Hacking Upstream: Finding a 0-Day in an OpenSSH Key Parser Library |
Mike Doyle |
Jul. 06, 2022 |
2826 |
- |
| How to prioritize third-party package (SCA) vulnerabilities |
Mark Maney |
Nov. 28, 2023 |
1410 |
- |
| What Every Developer Needs to Know About GitHub Branch Protection |
Nir Valtman |
Mar. 13, 2024 |
1430 |
- |
| GitHub Hosted vs. Self-Hosted Runners: Which One Should You Choose? |
Eran Medan |
Nov. 08, 2022 |
1426 |
- |
| A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on GitHub |
Nir Valtman |
Oct. 17, 2023 |
1301 |
- |
| GitHub CODEOWNERS: What Every Developer Should Know |
Nir Valtman |
Jul. 23, 2022 |
1488 |
- |
| Hardening Your Software Development Environment: A Beginner's Guide |
Eran Medan |
Sep. 21, 2022 |
1464 |
- |
| Security to-do lists slow you down, security tools need to fix the problems they find |
Mark Maney |
Dec. 19, 2022 |
644 |
- |
| Why secrets continue to be a massive problem in source code |
Mark Maney |
May. 30, 2023 |
1441 |
- |
| How insurance tech companies are leading the way on Application Security |
Simon Wenet |
May. 03, 2023 |
970 |
- |
| What is an SBOM, what is it not, and do you need one? |
Mark Maney |
Mar. 22, 2023 |
1649 |
- |
| Application Security vs. Software Supply Chain Security: What's the Difference? |
Mike Doyle |
Feb. 27, 2022 |
1688 |
- |
| Protecting Stale Code Repositories on GitHub: Essential Security Measures |
Eran Medan |
Jul. 18, 2022 |
1014 |
- |
| SBOM For Your Software Supply Chain: Added Visibility or Security Risk? |
Mark Maney |
Sep. 19, 2023 |
1176 |
- |
| The Essential Guide to SCA and SAST |
Simon Wenet |
Feb. 08, 2024 |
505 |
- |
| CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security |
Nir Valtman |
Nov. 27, 2023 |
1881 |
- |
| Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization |
Simon Wenet |
Feb. 20, 2024 |
1040 |
- |
| How to Detect & Prevent Source Code Exfiltration |
Simon Wenet |
Jul. 05, 2023 |
1414 |
- |
| Leveraging Developer Security Skills to Fortify your Security Team |
Eran Medan |
Dec. 14, 2022 |
498 |
- |
| The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach |
Eran Medan |
Mar. 28, 2023 |
628 |
- |
| How to prioritize your backlog of hardcoded secrets |
Nir Valtman |
Jul. 18, 2023 |
1884 |
- |
| Tracing the Impact of a Clothing Retailer's Software Supply Chain Breach on Your Production Environment |
Mike Doyle |
May. 25, 2022 |
467 |
- |
| How to Survive a State Actor's Attempt to Put a Backdoor in Your Code |
Mark Maney |
Mar. 07, 2022 |
598 |
- |
| What Developers Can Learn from Taylor Swift's Re-recording Strategy |
Nicholas Rodine |
Jun. 12, 2023 |
1107 |
- |
| Adopting Pipelineless Security Solutions for Modern AppSec Programs |
Simon Wenet |
Apr. 10, 2023 |
1465 |
- |
| Github OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps Supply Chain Attacks |
Nir Valtman |
Apr. 11, 2022 |
460 |
- |
| Hacking Hacker News: Lessons Learned from a Security Researcher Wearing A Growth Hat |
Nir Valtman |
Jan. 02, 2022 |
886 |
- |
| Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning |
Nir Valtman |
Jan. 23, 2024 |
1972 |
- |
| Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development |
Nir Valtman |
Jun. 12, 2024 |
2043 |
- |
| The Importance of Free Secret Detection, Even for Private Repositories |
Nir Valtman |
May. 11, 2022 |
295 |
- |
| Why Secret Scanning Visibility Should Be Free & Understanding Where There is Value |
Mike Doyle |
Jul. 11, 2023 |
1420 |
- |
| Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks |
Nir Valtman |
Feb. 13, 2024 |
555 |
- |
| New York Times Data Breach Reveals Secrets & Source Code |
Simon Wenet |
Jul. 10, 2024 |
832 |
- |
| Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets Security |
Simon Wenet |
Jun. 28, 2024 |
853 |
- |
| Building an AppSec Program, Powered by Pipelineless Security |
Nir Valtman |
Aug. 20, 2024 |
2644 |
- |
| Time for an Honest Talk About Third-Party Risk Management and Software Composition Analysis (SCA) |
Mark Maney |
Sep. 10, 2024 |
903 |
- |
| Optimizing Code Security: Advanced Strategies in SAST Scanning |
Simon Wenet |
Sep. 17, 2024 |
2199 |
- |
| Implementing SAST Security Policies: Effective Strategies for Application Protection |
Eitam Arad |
Oct. 10, 2024 |
2083 |
- |