CI/CD Security

January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
January 11, 2023

Danger: Researchers exploit gaps in connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.
November 1, 2022

8 CI/CD best practices: Secure your software development pipeline

Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.
October 25, 2022

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

Modern software supply chain security depends on getting your tools right, and focusing on the end-to-end software development lifecycle. Here's what you need to maintain your software development and release and stay secure.
September 15, 2022

Why Twitter security sucks: Half of staff has PII access

Twitter’s former head of security, Peiter “Mudge” Zatko, has some damning things to say about the service’s DevOps security — or lack of it.
August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

Exploring the “how” of CI/CD compromises, researchers show many of the culprits will be familiar to security teams.


ConversingLabs Cafe: Chris Romeo on the state of application security
Conversations About Threat Hunting and Software Supply Chain Security
Behaviors & Diffs: Better Together for Software Supply Chain Security
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Deconstructing UPS Ship Manager
Analyzing Risks To Your Software Supply Chain