Node.js’ Post

Today Published one blog... How to implement Content Security Policy for different environments (react-node application) https://lnkd.in/dssdp9Er

New blog post about Elixir, Phoenix, and the OWASP Top 10. A frequently recommended security guide, the Top 10 is a useful resource for developers. Learn how to use it effectively in your own work! https://lnkd.in/eZcHkG8f 

Node.js Security Progress Report Update 💚✨ This month's report featured new security releases for Node.js, updates to the permission model, progress on automation of security releases and more. Check it out 👇 https://hubs.la/Q02x7QrL0

🔍 "...The Snyk report found that only 40% of the organizations surveyed are not using software composition analysis (SCA) or static application security testing (SAST) tools—and even fewer have adopted cloud-native security measures like configuration checks for infrastructure-as-code tools." According to Forbes, our 2023 State of Open Source Security Report provides a "comprehensive and eye-opening assessment of the current state of open-source security." Read the article by Tony Bradley to learn more. #opensource #supplychainsecurity #devsecops

👉 Protect and discover secrets using Gitleaks 📣 📣 🚀 GitLeaks is a robust tool designed to enhance the security of your code repository by notifying you of any inadvertent inclusion of sensitive information. By installing and setting up GitLeaks, you can guarantee the security of your codebase and stay informed about the presence of any sensitive information. #devops #security #devopsdice https://lnkd.in/diKRVy7Q

CISA published Open Source Software Security Roadmap - as expected two threats which is called out 1. Cascading Effects of Vulnerabilities in Widely-Used OSS: "vulnerabilities in popular open source software that can have widespread consequences" 2. Supply-Chain Attacks on Open Source Repositories: "malicious compromise of OSS components, leading to downstream compromises using tactics like compromising a developer's account to commit malicious code or a developer intentionally inserting a backdoor" Procyon PAM solution addresses #2 issue by linking developer identity to private key in Secure Enclave(MAC)/TPM(Win) -this ensures developer's account can't be compromised for repo access (e.g. GitHub). #security #github #supplychainsecurity #gitlab #procyon https://lnkd.in/d4esnzEN

So proud of this release, and all the teams that worked so hard to get it out the door! If you don't want to be in the headline as the next organization that's had a software supply chain compromise, this release is for you! Want to be sure you have immutable provenance for your software supply chain, at no extra burden to devs? Be sure to check out the in-toto attestations that are a key component of TAP's SLSA Level compliance! Want to automatically build container images without maintaining dockerfiles WHILE automatically remediating vulnerabilities? Check out the ability to automatically update your Cloud Native Build Packs and base images, which will automatically rebuild all of your applications to automatically remediate vulnerabilities? Concerned that the app you built one year ago but hasn't been touched since has vulnerabilities that is leaving your organization's front door open? Check out the ability to scan workloads using your organizations existing scanning tools! https://lnkd.in/gYwJbDdd

Building your #REST APIs with Spring Boot? Don't forget about security! 🔒 In this guide, our security research team has gathered 10 #Springboot security best practices that empower you to create more resilient applications. Dive right in 👇