Mend.io Resource Center

Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.

Choose Your Type

Choose Your Topic

Our Latest Content

How to Build a Threat Model for Kubernetes Systems

As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...

Hidden Risks of Using Open Source Software

With each passing year, open source software use increases. But this trend does not come without a price. Modern software’s heavy reliance on open source components created space for exploitation by malicious actors. New threats are challenging to detect and to protect against. This session should arm you with knowledge about the risks and practical...

Addressing Security Debt with a Developer First approach webinar

As organizations struggle to keep the application layer secure, more security tasks are added to developers’ already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the...

Mend Research Report — Remediating Vulnerabilities in npm Packages

As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders -- and it is quite a task. In order to gain a better understanding of the process of open source vulnerability management, our Knowledge Team analyzed vulnerable npm packages, checking the CVE publication date and comparing it to the release date of the vulnerabilities’ fix.