How much would enterprises spend for being made aware of a single supply chain vulnerability?
Dec 12, 2022
12 mins read
TL;DR – A lot they would!!! Bug bounty has taken the world by storm. Large corporations pay bug bounty h...

How to secure your Open Source Project – A quick guide for developers
Foreword: This blog is designed to provide developers with a practical, straightforward guide to secure their o...
Asi Greenholts
@TupleType

OWASP Top 10 CI/CD Security Risks
Cider Security is excited to announce the “Top 10 CI/CD Security Risks” framework is now officially an OWA...
Daniel Krivelevich
@Dkrivelev

From Onboarding to Offboarding – Securing GitHub Apps Integration
GitHub officially recommends using GitHub Apps when integrating with GitHub, as they are easy to build and enj...
Yaron Avital
@yaronavital

The Consequences of Inadequate Identity Management in your GitHub Organization
Jul 27, 2022
10 mins read
Identity and Access Management has always been a major area of concern and focus for organizations, across all...
Yaron Avital
@yaronavital

Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
Introduction: Attackers are always on the lookout to gain access to credentials, which are a critical asset to ...
Asi Greenholts
@TupleType

The Heroku and Travis-CI credential compromise – Action items for defenders
This weekend, GitHub security announced that they are investigating malicious activity, which appears to indic...
Daniel Krivelevich
@Dkrivelev

CI/CD Goat – A deliberately vulnerable CI/CD environment
Today we are excited to announce the launch of “CI/CD Goat” – a deliberately vulnerable CI/CD enviro...
Asi Greenholts
@TupleType

The Top 10 CI/CD Security Risks – Official Release
Today, we are proud to announce the release of the “Top 10 CI/CD Security Risks project” This extensive ef...
Daniel Krivelevich
@Dkrivelev