Read about application security, DevSecOps, license compliance, and software supply chain security.
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan,...
Here are 5 DevSecOps tools that help to integrate security into the container development cycle.
Learn more about the two new integrations for Mend for Developers, GitLab Repo and Eclipse IDE, empowering even more developers to code more productively and securely.
Application security is an effective tool for defending against attacks. But as IT infrastructures shift to “software-defined everything” and move to the cloud, traditional AppSec models no longer are enough to protect the application. This webinar takes a look at how companies are addressing new models to address more dispersed and dynamically connected applications, from...
Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future. Additionally, WhiteSource Senior Director of...
September's top 5 new open source security vulnerabilities includes popular projects like Swagger UI, the Linux Kernel, Android, Python, and curl.
Make sure that your Github and GitLab repos are secure. Here are the top 5 Git security mistakes to avoid.
Kubernetes has become the default way for many organizations to scale and orchestrate their use of containers. However, organizations are starting to find themselves needing to take the necessary steps to protect their containers. Automating security checks throughout the development life cycle can help reduce risk and allow organizations to develop and deploy securely. Join Shiri Ivstan, Senior Product Manager at WhiteSource and Yaniv Peleg Tsabari, Senior...
Security advisories help us stay up to date on the vulnerabilities putting our applications at risk. We explain how they work and which ones to follow.
These are the top application security tips and tricks for student developers as they gear up for the year ahead. Remember to stay calm and code securely.
Many organizations are using containers to develop and manage their applications. Containers enable development teams work faster, deploy more easily and efficiently, and operate at a much larger scale. However, there are many security measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security. In...
DevOps success depends on three things: people, processes and tools. While tools and processes can be easy enough to address, the people part of the equation can be more difficult to tackle. Changing the culture of an organization can be akin to turning a cruise ship midstream. Join this webinar to hear the top 10...
July's list of top 5 new open source security vulnerabilities includes popular projects like Docker, Redis, Microsoft's Chakra, and Python
So your organization finally made the important decision of implementing an open source management solution. Now what? how do you choose from the array of technologies and tools around?
Vulnerabilities in open source components are the widest openings calling hackers to come in. Among all alternatives, detecting & fixing these vulnerabilities is easiest.
Mend is now the proud recipient of Amazon Web Services DevOps Competency Status, taking their partnership with Amazon Web Services to the next level.
n the race to stay ahead on keeping your applications secure, organizations of all sizes need to implement security automation solutions.
Mend brings its industry-leading experience and knowledge base of open source vulnerabilities to reach developers in IDE environment.
The Payment Card Industry (PCI) Security Standards Council recently released a new security framework to replace the previous standard (PCI PA-DSS). The new framework is set to better address the changes that the software development industry has seen in the past few years. Agile and DevOps methodologies, cloud and containerized environments and widespread open source...
Go is fast becoming a favorite programming language in the community, a trend that is only likely to rise as Google uses it for more of their products. Stay ahead of hackers and check out these top vu
In this report, we discuss trends in how security is shifting left to the earliest stages of development, explore the growth of automated tools and look for answers on what is needed to help close the gap from detection to remediation.
May's list of top 5 new open source security vulnerabilities includes major projects like the Linux kernel, Symfony, SQLite, fstream and ecstatic.
DevOps is a global phenomenon, with organizations in countries far and wide adopting DevOps tools, processes and culture to increase the speed, efficiency and reliability of their applications. In this webinar, we’ll delve into why DevOps has such a global reach and take a look at some of the international companies that have found success...
Gone are the days where open source components were only used by individual developers, start-ups or small corporations. Today, even the biggest corporate giants have realized the numerous benefits open source usage brings, thereby openly embracing this as part of their software to help them focus their efforts and push more code out of the...
Many security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. Similarly, security groups believe that policy enforcement is their biggest (only?) lever… “If we can just update the...
DevSecOps is often associated with securing a development pipeline in traditional CI/CD frameworks. Join this session, held by Henrik Johansson, Principal – Office of the CISO at AWS, as he discusses and shows: – how public cloud technology enables you to fully embrace security automation in your infrastructure – how to account security using managed...
Is your organization ready to embrace a DevOps mindset? Receive a pragmatic view from an agent of chaos, who’s promoting the goal for a single continuous integration and delivery pipeline, shifting testing, security, code reviews, and other opportunities to improve information sharing and quality to the left, shifting configuration to the right, and most importantly,...
Open source software has become the building block in the applications we interact with nowadays. The good? Thanks to the time and cost efficiency it brings, organizations are able to facilitate productivity and innovation at a faster pace than ever. The bad (or rather, less good)? Many organizations are grappling with the security aspect when...
All static analysis tools produce false positives, and often require developer context to determine exploitability of a security risk. Automating a static scan is usually straightforward but building automation workflows around SAST findings require that your Pipelines become smarter over time. Optimizing the data provided by SAST tools is an often overlooked aspect to integrating...
DevSecOps has taken the world by storm. Ever since the DevSecOps philosophy stepped into the limelight in the past few years, a growing number of organisations are trying to ensure their businesses are set up with the security in mind (and practice) from the get-go. In theory, the concept is great. In practice? Less so,...
DevSecOps is often associated with securing a development pipeline in traditional CI/CD frameworks. Join this session, held by Henrik Johansson, Principal – Office of the CISO at AWS, as he discusses and shows: – how public cloud technology enables you to fully embrace security automation in your infrastructure – how to account security using managed...
Whether deployed on-premise or in the cloud, you need to know how your containers are performing, especially since containers are becoming the backbone of mission-critical services.
David Habusha, Dan Beauregard and Cody Wood discuss DevSecOps challenges and new tools you can use
Four things every decision maker needs to know about automated testing in order to define their own test automation strategy.
April's list of top 5 new open source security vulnerabilities includes some of the most popular components that all of us are using, like the Linux kernel, Apache Tomcat, JS-YAML and more.
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security...