Devsecops

DevSecOps is the practice of integrating security into the software development and deployment process, and there are many tools available to support this process. A comprehensive list of DevSecOps tools would include the following categories: Code Analysis and Quality Tools: SonarQube, Checkmarx, Fortify, Veracode, CodeClimate, Coverity Container security: Aqua Security…

As digital landscapes continue to expand, with the proliferation of IoT devices, cloud platforms, and increasingly sophisticated applications, the complexity of maintaining cybersecurity has escalated exponentially. With more potential attack vectors than ever before, understanding what’s happening within a system at any given moment has become critical. Enter the realms…

Introduction: The evolution of software development has seen a transformation from the traditional waterfall model to more integrated methodologies like Agile, DevOps, and now, DevSecOps. This transition to DevSecOps symbolizes an important shift towards the integration of security practices within the DevOps pipeline. This article will provide an overview, highlight…

In Kubernetes, a service account is an identity that is used by applications or processes running within the cluster to authenticate and interact with the Kubernetes API server. It provides a way to control the permissions and access levels for applications or services. When a service account is created, it…

“tasklist.exe” is an executable which is located at “%windir%\System32\tasklist.exe”. It allows displaying the list of currently running processes on the system (https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc730909(v=ws.11)). On 64-bit systems there is also a 32-bit version located at “%windir%\SysWOW64\tasklist.exe”. Moreover, a user with sufficient permissions can also list the processes of a remote system using…

In this article , We’ll cover our end of year project consisting of implementing a DevSecOps pipeline for a data engineering application. Tools used Gitlab CI/CD AWS Terraform SonarQube Horusec Trivy Application Architecture Our project consists of 4 micro-services: A service that serves as Front end and handles the Login feature. A service that…

Consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization — Introduction Harden Runner is a security agent for GitHub-hosted and Actions Runner Controller (ARC) based self-hosted GitHub Actions runners designed to block egress traffic and detect code overwrite, thereby preventing potential breaches, like the SolarWinds or the Codecov incidents. Previously, Harden Runner users were notified of threat detections through Slack or…

Zeno DevSecOps Weekly Newsletter is part of FAUN Developer Community. We help developers learn and grow by keeping them up with what matters. — ⭐ Sponsors The all-in-one monitoring solution for IT admins, DevOps and SREs Get deep visibility into the performance of your complex enterprise applications and cloud native workloads. Identify potential issues, improve productivity, and ensure that your business and end users are unaffected by downtime and substandard performance.

In this article , We’ll cover my end of year project consisting of implementing a DevSecOps pipeline for a data engineering application. Tools used Gitlab CI/CD AWS Terraform SonarQube Horusec Trivy Application Architecture Our project consists of 4 micro-services: A service that serves as Front end and handles the Login feature. A service that…