Result Page 7: Resource Center: AppSec, Software Supply Chain Security & Open Source

Our Latest Content

360° Kubernetes Security: From Source Code to K8s Configuration Security

Kubernetes has become the default way for many organizations to scale and orchestrate their use of containers. However, organizations are starting to find themselves needing to take the necessary steps to protect their containers. Automating security checks throughout the development life cycle can help reduce risk and allow organizations to develop and deploy securely. Join Shiri Ivstan, Senior Product Manager at WhiteSource and Yaniv Peleg Tsabari, Senior...

Top 5 Back to School AppSec Tips for Developers

Adam Murray
August 29, 2019

These are the top application security tips and tricks for student developers as they gear up for the year ahead. Remember to stay calm and code securely.

Deep Dive into Container Security

Many organizations are using containers to develop and manage their applications. Containers enable development teams work faster, deploy more easily and efficiently, and operate at a much larger scale. However, there are many security measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security. In...

Panel Discussion: 10 Tips for Achieving Cultural Change in DevOps

DevOps success depends on three things: people, processes and tools. While tools and processes can be easy enough to address, the people part of the equation can be more difficult to tackle. Changing the culture of an organization can be akin to turning a cruise ship midstream. Join this webinar to hear the top 10...

#DevSecOps

Mend achieved Amazon Web Services DevOps Competency Status

Adam Murray
July 18, 2019

Mend is now the proud recipient of Amazon Web Services DevOps Competency Status, taking their partnership with Amazon Web Services to the next level.

Security Automation: Where Does It Fit In Your Secure SDLC?

Adam Murray
July 18, 2019

n the race to stay ahead on keeping your applications secure, organizations of all sizes need to implement security automation solutions.

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

The Payment Card Industry (PCI) Security Standards Council recently released a new security framework to replace the previous standard (PCI PA-DSS). The new framework is set to better address the changes that the software development industry has seen in the past few years. Agile and DevOps methodologies, cloud and containerized environments and widespread open source...

Developers Are Taking Over AppSec

In this report, we discuss trends in how security is shifting left to the earliest stages of development, explore the growth of automated tools and look for answers on what is needed to help close the gap from detection to remediation.

Panel: DevOps Takes On The World

DevOps is a global phenomenon, with organizations in countries far and wide adopting DevOps tools, processes and culture to increase the speed, efficiency and reliability of their applications. In this webinar, we’ll delve into why DevOps has such a global reach and take a look at some of the international companies that have found success...

#DevSecOps

How SAP Integrates License Compliance & Security Into Their DevOps Pipeline

Gone are the days where open source components were only used by individual developers, start-ups or small corporations. Today, even the biggest corporate giants have realized the numerous benefits open source usage brings, thereby openly embracing this as part of their software to help them focus their efforts and push more code out of the...

Transforming from DevOps to DevSecOps at Scale

Many security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. Similarly, security groups believe that policy enforcement is their biggest (only?) lever… “If we can just update the...

#DevSecOps

Container Security at the Speed of CI/CD

DevSecOps is often associated with securing a development pipeline in traditional CI/CD frameworks. Join this session, held by Henrik Johansson, Principal – Office of the CISO at AWS, as he discusses and shows: – how public cloud technology enables you to fully embrace security automation in your infrastructure – how to account security using managed...

Lessons Learnt By An Agent Of Chaos From DevOps

Is your organization ready to embrace a DevOps mindset? Receive a pragmatic view from an agent of chaos, who’s promoting the goal for a single continuous integration and delivery pipeline, shifting testing, security, code reviews, and other opportunities to improve information sharing and quality to the left, shifting configuration to the right, and most importantly,...

#DevSecOps

How DevSecOps Automates The Way For Secure Open Source Usage

Open source software has become the building block in the applications we interact with nowadays. The good? Thanks to the time and cost efficiency it brings, organizations are able to facilitate productivity and innovation at a faster pace than ever. The bad (or rather, less good)? Many organizations are grappling with the security aspect when...

Security vs Developers – How to Make DevSecOps Work Together

DevSecOps has taken the world by storm. Ever since the DevSecOps philosophy stepped into the limelight in the past few years, a growing number of organisations are trying to ensure their businesses are set up with the security in mind (and practice) from the get-go. In theory, the concept is great. In practice? Less so,...

DevSecOps In The Cloud Is More Than Just CI/CD

#DevSecOps

Docker Container Monitoring: Protect Your Investment

Adam Murray
May 30, 2019

Whether deployed on-premise or in the cloud, you need to know how your containers are performing, especially since containers are becoming the backbone of mission-critical services.

Panel: DevOps Tools – DevSecOps Tools Worth Knowing

David Habusha, Dan Beauregard and Cody Wood discuss DevSecOps challenges and new tools you can use

#DevSecOps

Securing Container-Based Applications at the Speed of DevOps

Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security...

Key Takeaways from Stack Overflow’s 2019 Developer Survey

Adam Murray
April 25, 2019

Hoping to gain some useful insights into the developer industry trends, we dove into the data of the 2019 Stack Overflow Developer Survey.

#DevSecOps

Container Security: Securing from Within

Containers increase speed, simplify operations, improve development efficiency and bring a slew of other benefits, making them a top choice for agile deployment infrastructure. In our latest panel webinar with Container Journal, we outlined the critical importance of container security and provides best practices and tools to ensure your container environment is as secure as...

From Zero To Hero: Continuous Container Security in 4 Simple Steps

Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our applications needs to be shifted – to continuous...

Is One Programming Language More Secure Than The Rest?

Adam Murray
March 19, 2019

We researched open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, & C++, to learn which programming languages are most secure.

Whitesource and CircleCI Orbs: Secure your CI/CD Pipelines from Start to Finish

Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities. In this webinar with Circle CI, you’ll learn how: – WhiteSource Orb can...

#DevSecOps

Improving Security in a Devops World

application security is becoming a key area of focus for organizations. Join this interactive Q&A panel of industry experts to learn more about: – How to integrate application security testing into the DevOps process early on – Why automation, speed and coverage are critical to the success of DevSecOps programs – Speed vs Security: Where...

Mend To Offer New Pipe Integration for Bitbucket

Adam Murray
February 28, 2019

Mend solution for securing and managing open source usage is now available to Bitbucket users with a pipe integration of Its own.

#DevSecOps

The Devops Challenge: Open Source Security at Scale

It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018....

SecOps: How Security and Operation Teams Can Work Better Together

Adam Murray
January 17, 2019

Development is moving faster than ever. We break down what you need to know about shifting left to secure your DevOps pipeline with SecOps best practices.

3 DevOps Security Challenges & How to Overcome Them

3 DevOps Security Challenges and How to Overcome Them

Adam Murray
November 10, 2018

Enterprises are coming to realize that while DevOps tools and processes helping them stay innovative within tight release timelines, security risks remain real, immediate, and extremely costly

#DevSecOps

Securing the Code: DevOps Security and AppSec

DevSecOps represents a fundamental shift from the status quo by making security a much more collaborative effort. Applications are the business in this digital age. Securing the applications that drive your business is essential to providing safe digital experiences to your entire business ecosystem. With DevSecOps, security is automated and integrated into the development process....

The Next Generation of DevOps Adds Security into the Blend

Adam Murray
August 14, 2018

DevOps and DevSecOps are a generation apart from each other, representing a natural evolution to the integration of automated security into the DevOps movement.

#DevSecOps

The 5 Common Mistakes Your Devops Team is Making

Adam Murray
July 26, 2018

Despite the problems that DevOps solves, there are common mistakes that DevOps teams commit while working together to deliver the companies’ products.

#DevSecOps

Security at the Speed of Software Development – a lean-agile approach to achieving DevSecOps culture

DevSecOps offerings that are just DevOps lipstick on a traditional security-as-a-gate pig. Also, security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy an order of magnitude or more faster than human gating can achieve. What’s needed to...

How to Keep Your Apps Secure After Moving to SaaS From On-Prem

Adam Murray
March 22, 2018

The world of how work gets done has changed dramatically, moving at a faster pace with a far greater emphasis on collaboration for improving productivity. Today, virtually all software has a cloud...

Open Source vs. Free Software — What is The Difference?

Adam Murray
November 28, 2017

“Free” and “open source” are two terms commonly used interchangeably in the software industry. Yet, for many, the difference between the two is not always clear.

The Hidden Truth Behind DevOp’s Impact on Application Security

How is DevOps handling the growing use of open source? What is the role of DevOps in defining an open source strategy and policy? Read on to learn about companys' secret weapons against OS threats.

#DevSecOps

Mend.io Resource Center

Choose Your Type

Choose Your Topic