Tag: vulnerability scanning

  • CSA: The Evolution of DevSecOps with AI

    Source URL: https://cloudsecurityalliance.org/blog/2024/11/22/the-evolution-of-devsecops-with-ai Source: CSA Title: The Evolution of DevSecOps with AI Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the significant role of artificial intelligence (AI) in transforming DevSecOps practices, aiming to enhance the integration of security into software development processes. The article highlights how AI improves vulnerability detection, real-time monitoring,…

  • Anchore: Grype Support for Azure Linux 3 released

    Source URL: https://anchore.com/blog/grype-support-for-azure-linux-3-released/ Source: Anchore Title: Grype Support for Azure Linux 3 released Feedly Summary: On September 26, 2024 the OSS team at Anchore released general support for Azure Linux 3, Microsoft’s new cloud-focused Linux distribution. This blog post will share some of the technical details of what goes into supporting a new Linux distribution…

  • Anchore: Who watches the watchmen? Introducing yardstick validate

    Source URL: https://anchore.com/blog/who-watches-the-watchmen-introducing-yardstick-validate/ Source: Anchore Title: Who watches the watchmen? Introducing yardstick validate Feedly Summary: Grype scans images for vulnerabilities, but who tests Grype? If Grype does or doesn’t find a given vulnerability in a given artifact, is it right? In this blog post, we’ll dive into yardstick, an open-source tool by Anchore for comparing…

  • The Register: SolarWinds critical hardcoded credential bug under active exploit

    Source URL: https://www.theregister.com/2024/10/16/solarwinds_critical_hardcoded_credential_bug/ Source: The Register Title: SolarWinds critical hardcoded credential bug under active exploit Feedly Summary: No word yet on scope of attacks. A critical, hardcoded credential bug in SolarWinds’ Web Help Desk products has been found and exploited by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the…

  • Anchore: Shift Security Left with Anchore Enterprise

    Source URL: https://anchore.com/solution-guide/shift-security-left-with-anchore-enterprise/ Source: Anchore Title: Shift Security Left with Anchore Enterprise Feedly Summary: In this guide we present a battle-tested, shift-left developer workflow with the help of Anchore Enterprise. The workflow infrastructure will include GitLab as the continuous integration (CI) pipeline, Anchore Enterprise as the vulnerability scanner and Jira as the remediation tracking…

  • Hacker News: Build your own AutoFix with Patchwork

    Source URL: https://www.patched.codes/blog/build-your-own-autofix-with-patchwork Source: Hacker News Title: Build your own AutoFix with Patchwork Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the creation of an AutoFix tool designed to automatically detect and remediate software vulnerabilities, leveraging fine-tuned LLMs (Large Language Models). This tool promises greater flexibility and user control over configuration…

  • Anchore: Mark Your Calendars: Anchore’s Must-Attend Events and Webinars in October

    Source URL: https://anchore.com/blog/anchore-october-2024-events/ Source: Anchore Title: Mark Your Calendars: Anchore’s Must-Attend Events and Webinars in October Feedly Summary: Are you ready for cooler temperatures and the changing of the leaves? Anchore is! We are excited to announce a series of events and webinars next month. From in-person conferences to insightful webinars, we have a lineup…

  • Anchore: How to build an OSS vulnerability management program

    Source URL: https://anchore.com/blog/build-open-source-software-security-program-with-sbom-generation-and-vulnerability-scanning/ Source: Anchore Title: How to build an OSS vulnerability management program Feedly Summary: In previous blog posts we have covered the risks of open source software (OSS) and security best practices to manage that risk. From there we zoomed in on the benefits of tightly coupling two of those best practices (SBOMs…

  • Anchore: SBOMs and Vulnerability Management: OSS Security in the DevSecOps Era

    Source URL: https://anchore.com/blog/sboms-and-vulnerability-scanning-oss-security-for-devsecops/ Source: Anchore Title: SBOMs and Vulnerability Management: OSS Security in the DevSecOps Era Feedly Summary: The rise of open-source software (OSS) development and DevOps practices has unleashed a paradigm shift in OSS security. As traditional approaches to OSS security have proven inadequate in the face of rapid development cycles, the Software Bill…

  • Anchore: DreamFactory Achieves 75% Time Savings with Anchore: A Case Study in Secure API Generation

    Source URL: https://anchore.com/blog/dreamfactory-air-gap-on-prem-anchore-enterprise-case-study/ Source: Anchore Title: DreamFactory Achieves 75% Time Savings with Anchore: A Case Study in Secure API Generation Feedly Summary: As the popularity of APIs has swept the software industry, API security has become paramount, especially for organizations in highly regulated industries. DreamFactory, an API generation platform serving the defense industry and critical…