Mend.io + Jira Security: Doing DevSecOps Better Together
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
Choose Your Type
Choose Your Topic
Our Latest Content
Dependency Management: A Guide and 3 Tips to Keep You Sane
Learn more about challenges, best practices, and good strategies for dependency management, and discover our three favorite tips.
Software Composition Analysis Explained
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
Mend.io Collaborates with Kondukto’s New Demo Hub
What Mend.io’s collaboration with Kondukto’s new Demo Hub means when choosing your AppSec solution
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
What Can Fintech Firms Do When Vulnerabilities Like Spring4Shell Hit Them?
How do fintech companies address the risks posed by vulnerabilities like Spring4Shell? Here’s how Mend tackled the issue for MSCI to speedily thwart any potential threats.
Key Considerations for Building a Successful Cloud Security Program
Discover what the key considerations are for building a successful cloud security, according to a recent panel discussion attended by Mend’s Jack Marsal.
The Five Key Principles of Modern Application Security
Learn the five key principles of modern application security and why they’re so vital.
FINOS: The State of Open Source in Financial Services
Discover how financial services are embracing open source in this summary of the Fintech Open Source Foundation’s latest report.
Just Who Exactly Should Take Responsibility for Application Security?
Learn who should take responsibility for application security, according to Mend VP of Product Management Jeffrey Martin.
CI/CD and the Promise of Agile Transformation
Learn how CI/CD (continuous integration/continuous delivery) pushes frequent, incremental software updates & fixes regardless of size using automation tools.
Docker Container Security: Challenges and Best Practices
Docker is a complicated beast, and there is no simple trick you can use to maintain Docker container security. We offer a set of best practices that should help you.
Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
How to Make a Case for Buying SCA
Learn how to build a compelling case for buying a software composition analysis (SCA) tool in your organization.
Why an SBOM is Vital to Application Security and Compliance
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
Application Security — The Complete Guide
All about application security - why is the application layer the weakest link, and how to get application security right.
No Festive Break for Security as Attackers Target Almost 300 NPM Packages
Our team detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages.
What Are The Key Considerations for Vulnerability Prioritization?
While detecting vulnerabilities is important, you also need to know the ones that pose the highest risk to your business. Learn why prioritizing vulnerabilities is vital to effective application security, the key considerations when prioritizing, and what an effective prioritization process looks like.
How to Prepare for the Next Zero-Day Attack
Discover what steps you can take to safeguard your code base, your software, and your applications from zero-day attacks.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
The Risks and Benefits of Updating Dependencies
Updating software dependencies is vital to software and application security, but there are challenges. Learn the risks associated with updating dependencies, why they occur, and how you can address them.
The Need for Speed: Accelerated AppSec Scanning in Azure DevOps Repos
Until recently, application security testing was cumbersome and time-consuming. Now, enterprises using Azure DevOps Repos can add automated application security testing directly to the repo. This DevSecOps approach combines convenience for developers along with features that security professionals want such as centralized deployment, management and policy enforcement. If your organization uses Azure DevOps, attend this...
In Modern AppSec, DevSecOps Demands Cultural Change
Building a modern application security program requires a robust DevSecOps environment built on collaboration. For many companies, that means shifting away from IT silos towards a shared-responsibility mindset regarding security across the organization.
Risks Faced by Cloud-Native Apps and How to Assess Them
Cloud-native applications are at particular risk from vulnerabilities in their code. Discover why and how you should assess these risks in order to reinforce your security.
A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
DevSecOps Roundtable Discussion
Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...
Shift-Left Testing and Its Benefits
Learn what shift left testing means, how it can save you time and costs, and why you need to shift left your open source components’ management.
Announcing Mend SCA for Bitbucket Cloud Integration
Mend’s new integration with Bitbucket Cloud brings smart, automated risk reduction to DevOps teams with ultra-fast rollouts and 100 percent adoption rates.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Building a Modern AppSec Program: AWS-Mend Fireside Chat
Discover what a good AppSec program should look like and the best practices to implement it, according to Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite.
Why Your DevOps Platform Needs a Security Partner to Safeguard Your Software
Discover why your DevOps platform should be complemented with a security solution, learn how to achieve this, and find out how Mend’s partnership with CloudBees delivers security that safeguards your code, software, and applications.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Modern AppSec Programs Run on Automation
Learn why automation is a critical element of modern application security programs.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.