DevSecOps - Aqua
https://www.aquasec.com/tag/devsecops/
Cloud Native Security, Container Security & Serverless Security
Wed, 03 Jul 2024 08:03:55 +0000

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
https://www.aquasec.com/blog/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks/
Wed, 16 Aug 2023 08:59:30 +0000
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery’s policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for …

Fortune 500 at Risk: 250M Artifacts Exposed via Misconfigured Registries
https://www.aquasec.com/blog/250m-artifacts-exposed-via-misconfigured-registries/
Mon, 24 Apr 2023 08:58:28 +0000
What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research team found just that in …

Establishing a Resilient DevSecOps Action Plan
https://www.aquasec.com/blog/establishing-resilient-devsecops/
Thu, 23 Feb 2023 11:00:00 +0000
DevSecOps is an easy term to toss around. But what does it mean, exactly? What actually goes into an effective DevSecOps strategy? And how do cloud and DevOps impact DevSecOps processes? To find out, I participated in a conversation with Merritt Baer, principal in the AWS Office of the CISO, to discuss the best ways …

Can You Trust Your VSCode Extensions?
https://www.aquasec.com/blog/can-you-trust-your-vscode-extensions/
Fri, 06 Jan 2023 11:00:00 +0000
Aqua Nautilus researchers have recently discovered that attackers can easily impersonate popular Visual Studio Code extensions and trick unknowing developers into downloading them. In original vulnerability research, we’ve uncovered a new attack method which could act as an entry point for an attack on many organizations. We’ve also discovered that some extensions may have already …

Aqua CyberArk Conjur Certification: Making DevSecOps Easier
https://www.aquasec.com/blog/aqua-cyberark-conjur-certification-easier-secrets-management/
Thu, 27 Oct 2022 16:49:12 +0000
Aqua Security is excited to announce that our newly certified integration with CyberArk Conjur Secrets Manager for both Conjur Secrets Manager Enterprise and Conjur Secrets Manager Open Source is now available in the CyberArk Marketplace. This integration makes it even easier for Aqua Security customers to inject secrets that are managed, audited, rotated, and protected …

Golang Scanning with Trivy: Detect Vulnerabilities Accurately
https://www.aquasec.com/blog/trivy-golang-scanning/
Tue, 09 Nov 2021 16:31:58 +0000
A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a container image. Fortunately, if you’re using Trivy, a popular …

Key Requirements for CWPP (Cloud Workload Protection Platforms)
https://www.aquasec.com/blog/gartner-cloud-workload-protection-platforms/
Tue, 19 Oct 2021 09:30:00 +0000

A Brief Guide to Supply Chain Security Best Practices
https://www.aquasec.com/blog/supply-chain-security-best-practices/
Thu, 30 Sep 2021 10:02:28 +0000
With the rise in attacks targeting the supply chain of cloud native applications, it’s important to understand how you can prepare for and stifle risks that enter your environments through third-party packages and tools. This post outlines the top software supply chain security best practices that should be included in any organization’s cloud native strategies. …

How GitLab Innovates DevOps Security Using Aqua Trivy
https://www.aquasec.com/blog/trivy-scanner-gitlab-case-study/
Wed, 04 Aug 2021 10:03:10 +0000
Digital leaders must adapt, scale, and fine-tune their operations and the solutions they provide to their customers to keep up with market demands. GitLab provides a complete DevOps platform in a single application to help developers and engineers across all industries to be successful. With many high-profile security breaches putting providers like Codecov into the …

Cloud Native Best Practices: Security Policies in CI/CD Pipelines
https://www.aquasec.com/blog/cloud-native-security-best-practices-devops-security/
Wed, 22 Jan 2020 13:17:09 +0000
With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As containers are becoming the architecture of choice for cloud native applications development, developers are …