xGitGuard is a tool built by Comcast to keep inadvertently uploaded authentication secrets out of GitHub repositories that is now available as open-source software. It can be used to scan GitHub at scale and identify proprietary authentication secrets, specifically passwords, API keys, and tokens. Development teams can use xGitGuard to identify credentials in their own … continue reading
Secure Code Warrior, a global security organization, has joined GitLab’s global partner program. This new partnership means that Secure Code Warrior will make its learning platform available to developers on GitLab’s DevOps platform. This integration will work to enhance real-time secure coding guidance, which is an important piece of the process of detecting and fixing … continue reading
When we talk about progress, typically, digital advancement is at the forefront of the conversation. We want everything better, faster, more convenient, more powerful, and we want to do it for less money, time, and risk. For the most part, these “impossible” objectives are eventually met; it might take several years and multiple versions (and … continue reading
Organizations that build or maintain mobile applications have a greater responsibility than ever to secure their applications as the number of application downloads continues to grow. 3.8 billion smartphone users accounted for 218 billion app downloads in 2020 alone. Zimperium conducted a survey last year in which 250 enterprises described the security issues they struggled … continue reading
Last year, Google announced Google Identity Services (GIS), which is a set of APIs that consolidated several identity offerings from the company. Included in the GIS development kit are the Sign in with Google button and the authentication prompt One Tap. Now, Google is adding an authorization feature to GIS to bolster the offerings of … continue reading
The software industry’s reliance on open source along with a sharp increase in open source software (OSS) dependencies helped to make supply chains a major security target. 64% of organizations were impacted by a software supply chain attack in the last year according to a recent report. The report, The 2022 State of the Software … continue reading
API company Kong announced the general availability of Kong Enterprise 2.7, which delivers 25% faster performance compared to previous versions, improved security, and streamlined workflows. Kong Enterprise is a service connectivity platform that enables organizations to secure, connect and orchestrate their APIs and services across cloud native, hybrid and on-premise environments. The new version achieved … continue reading
For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone. Having all of these connected devices that don’t live under one network expands the … continue reading
OpenSSF announced the Alpha-Omega Project to improve the security posture of open-source software by working together with software security experts. Microsoft and Google are supporting the project, which aims to improve global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code with a $5 … continue reading
Codefresh launched the Codefresh Software Delivery Platform (CSDP), which brings the Argo toolset, including Workflows, Events, CD, and Rollouts, into a single platform. Argo is an open-source project that Codefresh maintains that offers tools for running workflows and managing clusters in Kubernetes. “Enterprise-class tooling for Argo – built on GitOps best practices – enables faster … continue reading
Security company ShiftLeft today announced the new release of its ShiftLeft CORE platform with the Velocity Update that has new features for identifying and addressing potential vulnerabilities earlier in the software development life cycle. New features and capabilities include the ability to perform code analysis for Kotlin apps for mobile development, which is an early-stage … continue reading
Weaveworks acquired the policy-as-code startup Magalix to secure Kubernetes applications by integrating the solution into Weave GitOps. “Enterprise customers have made it clear that trusted application delivery is critical to the success of their increasingly complex cloud native platforms,” said Alexis Richardson, the CEO of Weaveworks. “With the acquisition of Magalix, Weaveworks introduces customizable policies, … continue reading
