Cider Blog

Our Thoughts and Insights on Application Security

Research

The Top 10 CI/CD Security Risks – Official Release
Today, we are proud to announce the release of the “Top 10 CI/CD Security Risks project”. This extensive ef...
Why generating SBOM based on your code is far from enough
This isn’t yet another blog giving the SBOM 101. There is an abundance of those. This is a deep dive into th...
Exploiting Jenkins build authorization
TL;DR The default build authorization configuration in Jenkins — controlling the permissions allocated to pi...
PPE — Poisoned Pipeline Execution
Dev environments have become a major part of today’s attack surface. And within them, the most lucrative ass...
Secret Diver — Searching for deeply hidden secrets
Docker images are composed of layers. These containers, even after modifications and updates, may have secrets...
Our dependencies are under attack, and this time we were lucky…
In the past few weeks, our world infrastructure has been under attack. The attack is very simple: Find a depen...
Visualizing CI/CD from an attacker’s perspective
CI/CD environments and processes are increasingly becoming a key area of focus for both hackers and — conseq...
NPM might be executing malicious code in your CI without your knowledge
The JavaScript ecosystem is highly reliant on dependencies. And all I wanted was a method to safely downl...
Optimizing your resilience against Log4Shell
Collection of actionable measures — across Prevention, Mitigation, Detection and Assessment — for coping w...
Cider Security has been acquired by Palo Alto Networks