What is Pipelineless Security? | Nir Valtman | Dec. 05, 2022 | 922 | 2 |
5 critical lessons from the latest GitHub phishing campaign by Gitloker | Nir Valtman | Jun. 17, 2024 | 1389 | - |
Trouble Keeping Track of Your Keys? So Does Toyota: Lessons Learned from a Key Management Breach | Nir Valtman | Oct. 12, 2022 | 355 | 2 |
Azure Permissions: Managing Granular Permissions in Azure Devops | Eran Medan | Jan. 10, 2023 | 1645 | - |
Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix Them | Simon Wenet | Nov. 20, 2023 | 1283 | - |
Four takeaways from the NSA's software supply chain security recommendations | Mike Doyle | Sep. 10, 2022 | 963 | 2 |
Trying to identify spoofing in GitHub? May the 4th be with you! | Mark Maney | May. 03, 2023 | 1976 | 1 |
How to Determine the Severity of a Third-Party Risk with Software Composition Analysis (SCA) | Simon Wenet | Sep. 27, 2023 | 1501 | - |
The Criticality of Context for Addressing Software Supply Chain Risk | Mark Maney | Jun. 19, 2023 | 1753 | - |
Should I Manage Code in a Single Organization or Multiple Organizations? | Mark Maney | Jun. 27, 2023 | 1101 | - |
[April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast | Nir Valtman | Apr. 01, 2024 | 274 | - |
Analyzing LastPass' Recent Security Incident Notification | Mike Doyle | Aug. 26, 2022 | 785 | 1 |
How to ensure your third-party software packages are reputable | Mark Maney | Aug. 16, 2023 | 1909 | - |
Afraid of your source code leaking? I can tell by the Twitch in your eye…! | Nir Valtman | Jan. 10, 2022 | 441 | - |
Best practices maintaining a secure development environment | Mark Maney | Jan. 11, 2023 | 1961 | - |
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development | Doron Guttman | Apr. 17, 2023 | 1949 | 3 |
Harnessing the Power of Secure Coding Practices for Effective CI/CD Security | Nir Valtman | Feb. 13, 2023 | 1796 | - |
How Top Open Source Projects Protect Their Code: Insights and Best Practices | Chris Abraham | Feb. 07, 2022 | 1237 | 7 |
Defending Against Source Code Exfiltration, Fast and Slow | Mike Doyle | Apr. 05, 2023 | 1272 | - |
How to ensure you don’t have Sourcegraph secrets in source code | Nir Valtman | Sep. 04, 2023 | 630 | 3 |
Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire Threat? | Nir Valtman | Mar. 05, 2024 | 754 | 2 |
GitGoat: An Open Source Project of Intentionally (Riskless) Misconfigured GitHub Organizations | Nir Valtman | Jun. 27, 2022 | 307 | 8 |
How to Evaluate a Static Application Security Testing (SAST) Solution | Mark Maney | Nov. 13, 2023 | 1668 | - |
What to Consider Before Enforcing Multi-Factor Authentication (MFA) on GitHub | Nir Valtman | Oct. 19, 2022 | 1324 | - |
Demystifying the Pl0x GitHub attack | Mike Doyle | Aug. 17, 2022 | 1325 | 1 |
Hacking Upstream: Finding a 0-Day in an OpenSSH Key Parser Library | Mike Doyle | Jul. 06, 2022 | 2826 | 2 |
How to prioritize third-party package (SCA) vulnerabilities | Mark Maney | Nov. 28, 2023 | 1410 | - |
What Every Developer Needs to Know About GitHub Branch Protection | Nir Valtman | Mar. 13, 2024 | 1430 | 1 |
GitHub Hosted vs. Self-Hosted Runners: Which One Should You Choose? | Eran Medan | Nov. 08, 2022 | 1426 | 1 |
A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on GitHub | Nir Valtman | Oct. 17, 2023 | 1301 | - |
GitHub CODEOWNERS: What Every Developer Should Know | Nir Valtman | Jul. 23, 2022 | 1488 | 3 |
Hardening Your Software Development Environment: A Beginner's Guide | Eran Medan | Sep. 21, 2022 | 1464 | 3 |
Security to-do lists slow you down, security tools need to fix the problems they find | Mark Maney | Dec. 19, 2022 | 644 | - |
Why secrets continue to be a massive problem in source code | Mark Maney | May. 30, 2023 | 1441 | - |
How insurance tech companies are leading the way on Application Security | Simon Wenet | May. 03, 2023 | 970 | - |
What is an SBOM, what is it not, and do you need one? | Mark Maney | Mar. 22, 2023 | 1649 | - |
Application Security vs. Software Supply Chain Security: What's the Difference? | Mike Doyle | Feb. 27, 2022 | 1688 | 3 |
Protecting Stale Code Repositories on GitHub: Essential Security Measures | Eran Medan | Jul. 18, 2022 | 1014 | 5 |
SBOM For Your Software Supply Chain: Added Visibility or Security Risk? | Mark Maney | Sep. 19, 2023 | 1176 | - |
The Essential Guide to SCA and SAST | Simon Wenet | Feb. 08, 2024 | 505 | - |
CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security | Nir Valtman | Nov. 27, 2023 | 1881 | - |
Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization | Simon Wenet | Feb. 20, 2024 | 1040 | - |
How to Detect & Prevent Source Code Exfiltration | Simon Wenet | Jul. 05, 2023 | 1414 | - |
Leveraging Developer Security Skills to Fortify your Security Team | Eran Medan | Dec. 14, 2022 | 498 | - |
The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach | Eran Medan | Mar. 28, 2023 | 628 | 1 |
How to prioritize your backlog of hardcoded secrets | Nir Valtman | Jul. 18, 2023 | 1884 | - |
Tracing the Impact of a Clothing Retailer's Software Supply Chain Breach on Your Production Environment | Mike Doyle | May. 25, 2022 | 467 | 5 |
How to Survive a State Actor's Attempt to Put a Backdoor in Your Code | Mark Maney | Mar. 07, 2022 | 598 | 20 |
What Developers Can Learn from Taylor Swift's Re-recording Strategy | Nicholas Rodine | Jun. 12, 2023 | 1107 | 2 |
Adopting Pipelineless Security Solutions for Modern AppSec Programs | Simon Wenet | Apr. 10, 2023 | 1465 | - |
Github OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps Supply Chain Attacks | Nir Valtman | Apr. 11, 2022 | 460 | 9 |
Hacking Hacker News: Lessons Learned from a Security Researcher Wearing A Growth Hat | Nir Valtman | Jan. 02, 2022 | 886 | 2 |
Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning | Nir Valtman | Jan. 23, 2024 | 1972 | - |
Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development | Nir Valtman | Jun. 12, 2024 | 2043 | - |
The Importance of Free Secret Detection, Even for Private Repositories | Nir Valtman | May. 11, 2022 | 295 | 19 |
Why Secret Scanning Visibility Should Be Free & Understanding Where There is Value | Mike Doyle | Jul. 11, 2023 | 1420 | - |
Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks | Nir Valtman | Feb. 13, 2024 | 555 | - |
New York Times Data Breach Reveals Secrets & Source Code | Simon Wenet | Jul. 10, 2024 | 832 | - |
Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets Security | Simon Wenet | Jun. 28, 2024 | 853 | - |
Building an AppSec Program, Powered by Pipelineless Security | Nir Valtman | Aug. 20, 2024 | 2644 | - |
Time for an Honest Talk About Third-Party Risk Management and Software Composition Analysis (SCA) | Mark Maney | Sep. 10, 2024 | 903 | - |
Optimizing Code Security: Advanced Strategies in SAST Scanning | Simon Wenet | Sep. 17, 2024 | 2199 | - |
Implementing SAST Security Policies: Effective Strategies for Application Protection | Eitam Arad | Oct. 10, 2024 | 2083 | - |
State of Developer Time Loss 2024: How Arnica’s Pipelineless Security Can Help | Eitam Arad | Nov. 05, 2024 | 1748 | - |
Best Practices for SCA Scanning in Agile Development | Eitam Arad | Nov. 14, 2024 | 2326 | - |
How Arnica's Low-Reputation Package Detection Could Have Prevented the XML-RPC npm Package Breach | Eran Medan | Dec. 02, 2024 | 869 | - |