
5 best practices for securing your CI/CD with software bills of materials
SBOMs are essential — but making them useful in CI/CD environments is tricky. Here are 5 key best practices.

Freelance technology journalist. A former Senior Editor of Computerworld, Jai is a journalist and technology content writing specialist, with 20+ years of award-winning experience in IT trade journalism. He is a correspondent for the Christian Science Monitor and a contributor to Dark Reading, eWEEK, Datamation, IBM Security Intelligence, and Third Certainty. He writes features and covers breaking news stories on information security, data privacy, and big data/business analytics. His recent projects include ERP case studies and an e-book on enterprise mobility management best practices.


The OpenSSF's Secure Supply Chain Consumption Framework can be used to better discover the risks of open-source components — but remediation is left for organizations to figure out later.

Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.

Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

Get out in front of new compliance requirements for a competitive advantage. Here's what your software organization needs to know.

GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.