See exactly where and how vulnerabilities end up in your container images so that you can fix the ones that matter and stop ignoring vulnerabilities.
See exactly where and how vulnerabilities end up in your container images so that you can fix the ones that matter and stop ignoring vulnerabilities.
We shipped support for detecting new vulnerabilities introduced in pull requests so that you can find and fix them. This approach gives you an effective way to detect and address new critical vulnerabilities before they hit production.
We shipped support for detecting new vulnerabilities introduced in pull requests so that you can find and fix them. This approach gives you an effective way to detect and address new critical vulnerabilities before they hit production.
Instead of drowning in a sea of reported vulnerabilities, see how each pull request will affect the overall security risk of a project and block changes that add new critical vulnerabilities, moving steadily toward more secure applications.
Instead of drowning in a sea of reported vulnerabilities, see how each pull request will affect the overall security risk of a project and block changes that add new critical vulnerabilities, moving steadily toward more secure applications.
Today we shipped an early access version of our new Docker security feature-set. The focus is on container safety — keeping images up to date, and detecting new vulnerabilities introduced by commits.
Today we shipped an early access version of our new Docker security feature-set. The focus is on container safety — keeping images up to date, and detecting new vulnerabilities introduced by commits.
Get the knowledge and inspiration you need to do your best work and deliver great software.
Your custom secrets are likely some of the most critical to protect. This post outlines how you can up-level your scanning with a simple regular expression pattern added to the Secret Scanner skill, which is not covered by your Git provider scans, like GitHub's secret scanning.
Your custom secrets are likely some of the most critical to protect. This post outlines how you can up-level your scanning with a simple regular expression pattern added to the Secret Scanner skill, which is not covered by your Git provider scans, like GitHub's secret scanning.
Security starts at home, and using `npm audit` as part of your local development process is highly recommended. This post will address the importance of making your audits automatic and how to package up the fixes in tidy pull requests — you'll keep your codebase safer while staying sane.
Security starts at home, and using `npm audit` as part of your local development process is highly recommended. This post will address the importance of making your audits automatic and how to package up the fixes in tidy pull requests — you'll keep your codebase safer while staying sane.
Don't risk letting credentials and sensitive information sit in your codebase for the taking. You need an in-depth defense strategy to keep all your secrets under wraps. In this post, we outline a few ideas and examples.
Don't risk letting credentials and sensitive information sit in your codebase for the taking. You need an in-depth defense strategy to keep all your secrets under wraps. In this post, we outline a few ideas and examples.
Today we're shipping the public beta of our Skills catalog, which encapsulates knowledge in the form of pre-built automations (called skills) that you configure to use — like a purpose-built IFTTT recipe.
Today we're shipping the public beta of our Skills catalog, which encapsulates knowledge in the form of pre-built automations (called skills) that you configure to use — like a purpose-built IFTTT recipe.