SOFTWARE SUPPLY CHAIN SECURITY - Aqua Cloud Native Security, Container Security & Serverless Security
Feed last updated: Tue, 29 Oct 2024 07:37:21 +0000

Combatting Phantom Secrets with Historical Secret Scanning
https://www.aquasec.com/blog/combatting-phantom-secrets-with-historical-secret-scanning/
Thu, 26 Sep 2024 03:27:04 +0000 (https://www.aquasec.com/?p=22743)
You’ve likely heard of Schrödinger’s Cat from quantum mechanics—both alive and dead until the box is opened. This paradox mirrors a critical risk in modern development: the secrets embedded in your code. You might assume they’re long deleted, but until you examine the depths of commit history, you can’t be certain. Recently, Aqua Nautilus team …

Lasting Legacy of Log4j: Lessons for Runtime Security
https://www.aquasec.com/blog/lasting-legacy-of-log4j-lessons-for-runtime-security/
Wed, 13 Dec 2023 12:02:20 +0000 (https://www.aquasec.com/?p=14178)
Another December is upon us, stores are full of shoppers, lights are illuminating cities, towns and cul-de-sacs as radio stations bombard listeners with the continuous rotation of holiday music. Yet amongst all this merriment sits the IT security professional behind their screen completing their end of year tasks. Their eyes slowly twitch, and they fill …

Combating Unknown Unknowns In Hybrid IT Environments
https://www.aquasec.com/blog/combating-unknown-unknowns-in-hybrid-it-environments/
Wed, 08 Nov 2023 18:12:01 +0000 (https://www.aquasec.com/?p=17498)

Zero-Day Attack Prevention Through Supply Chain Security
https://www.aquasec.com/blog/zero-day-attack-prevention-through-supply-chain-security/
Thu, 02 Mar 2023 14:46:13 +0000 (https://www.aquasec.com/?p=14460)
Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components. I recently organized a webinar with and Teresa Pepper, our EMEA Partner Manager. …

Software Supply Chain Security vs. SCA: What’s the Difference?
https://www.aquasec.com/blog/software-compositio-analysis-vs-supply-chain-security/
Thu, 09 Feb 2023 15:15:08 +0000 (https://www.aquasec.com/?p=14463)
As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key role in ensuring software security are software …

What To Know: A Summary of the Compliance Guide to SSDF
https://www.aquasec.com/blog/summary-compliance-guide-to-ssdf/
Tue, 24 Jan 2023 11:00:00 +0000 (https://www.aquasec.com/?p=14490)
NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework. It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?
https://www.aquasec.com/blog/slsa-or-cis-software-supply-chain-security-guidelines/
Thu, 12 Jan 2023 13:43:14 +0000 (https://www.aquasec.com/?p=14492)
With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …

Supply Chain Security: Shifting Left to the Golden Pipeline
https://www.aquasec.com/blog/supply-chain-security-shifting-left-to-the-golden-pipeline/
Wed, 11 Jan 2023 11:00:00 +0000 (https://www.aquasec.com/?p=14493)
According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua’s 2021 Software Supply Chain Security Review notes that “attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the software supply chain process and supplier trust to distribute malware …

Trivy: The Universal Scanner to Secure Your Cloud Migration
https://www.aquasec.com/blog/trivy-software-supply-chain-security/
Thu, 22 Sep 2022 15:44:36 +0000 (https://www.aquasec.com/?p=14615)
Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this management overhead and gets you started quickly. We …

Gartner Report for SBOMs: Key Takeaways You Should Know
https://www.aquasec.com/blog/gartner-report-sbom-security/
Mon, 02 May 2022 09:30:00 +0000 (https://www.aquasec.com/?p=14814)
In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective mitigation of risks. Without this visibility, organizations’ …