Hey everyone, what's cooking in the open-source universe? I just stumbled upon something that's seriously mind-blowing.

So, there's this Python library pretending to be a music tool (automslc), but get this – it's actually illegally downloading songs from Deezer! And the worst part? It turns your computer into an accomplice in a huge music piracy operation. Seriously, a digital pirate cove.

And then there's this npm saga with @ton-wallet/create... Crypto wallet emptied, just like that!

The moral of the story? Open source rocks, but blindly trusting everything is a recipe for disaster. Always double-check those dependencies! Automated scans are cool, but a real penetration test? That's pure gold.

Clients are always so appreciative when we can spot and fix this kind of stuff beforehand!

Now, I'm curious: What are your go-to methods for keeping your codebase squeaky clean and secure? Any tips or tricks you'd like to share?

DevSecOps demystified: Leveraging Software Bill of Materials for enhanced security in modern software development | We Love Open Source - All Things Open https://allthingsopen.org/articles/devsecops-sbom-security-software-development #DevSecOps #opensource

Kill a Process Running on a Specific Port in Linux (via 4 Methods)
#Linux #SysAdmin #DevOps #Networking #DevSecOps
https://linuxtldr.com/kill-a-process-running-on-a-specific-port-in-linux/

Ресурс для #DevOps

#Docker #GitHub Actions #k8s #Go #Helm #Prometheus #ArgoCD #Jenkins #GitOps #DevSecOps #Linux

https://devops.pradumnasaraf.dev/

Buenos días developers Hoy me he levantado con la increíble noticia de haber superado los 20.000 suscriptores en mi canal de YouTube (https://buff.ly/3Z9WTcm) Muchísimas gracias a tod@s pos vuestro apoyo! Seguimos #DevOps #DevSecOps #PlatformEngineering #GitHub #IA #Docker #Contenedores #Kubernetes

Struggling to pick an #SBOM generator? Focus on your use-cases, ecosystem compatibility, data accuracy, #DevSecOps integration, and whether to go #OpenSource. Dive into our new blog post for insights! https://anchore.com/blog/choose-an-sbom-generation-tool-a-framework

Abbiamo pubblicato la registrazione del nostro incontro di Ottobre 2024

Potete rivedere gli splendidi talk di Matteo Vitali @trotto e Marco Pagliaricci

Correte sul nostro canale YouTube
https://youtu.be/JxwPAoPfFv0?si=KBsYyFfvK8J-UEds

November OWASP Ottawa Meetup Alert

Join us for an in-person #OWASPOttawa meetup next week at the University of Ottawa!

We’ve got two fantastic speakers (Tanya Janca and Gabriel Kronfeld) lined up to dive deep into #DevSecOps and #OWASPTop10.

Gabriel Kronfeld presents "A Brief overview of the OWASP Top 10"

Tanya Janca presents "DevSecOps Worst Practices"

RSVP link: https://www.meetup.com/owasp-ottawa/events/304507525

I just published "Why Bitbucket Never Caught Up With GitHub: A Comprehensive Analysis".

You can check my friend link here:
https://medium.com/@carlspring/why-bitbucket-never-caught-up-with-github-a-comprehensive-analysis-a09616cc48e9?sk=8829b3c881c4e05a9aa5d59e172954d7

#OpenSource isn't a vendor—you are! Find out what this means for #compliance in regulated sectors and how to manage #OSS responsibly. Dive into our new blog post: https://anchore.com/blog/navigating-open-source-compliance-in-regulated-industries/ #DevSecOps

#OpenSource: Meldungen, dass Cyberkriminelle Open-Source-Software mit gefährlichen Exploits oder Backdoors infiltrieren, häufen sich - Open-Source - Tickt in der frei verfügbaren Software eine Security-Zeitbombe? Wie können sich insbesondere Entwickler vor gefährlichen Backdoors oder Malware schützen?

Statement von Zac Warren, #Tanium

#OpenSource enthusiasts, #DevSecOps practitioners, federal contractors: Anchore's October is for you! Our new blog post maps out a month of must-attend events. Dive in! https://anchore.com/blog/anchore-october-2024-events/

From source to production: Learn how to implement comprehensive OSS #VulnerabilityManagement. Our new blog post has all the details you need to get started! #OpenSource #DevSecOps Dive in here https://anchore.com/blog/build-open-source-software-security-program-with-sbom-generation-and-vulnerability-scanning/

New Kexa release & tutorial : Kexa Helm charts

It was time for us to release the Helm chart for Kexa !

Dive into the article: https://medium.com/@contact_52772/kubernetes-more-easy-monitoring-alerting-kexa-deployment-with-helm-open-source-c6afdbe8b64e

Like our project ? Do not forget to star us on Github
https://github.com/kexa-io/Kexa

#Kexa #Helm #Kubernetes #CloudServices #ComplianceAutomation #CloudMonitoring #SecurityVerification #CloudInnovation #TechSolutions #CloudConformity  #OpenSource

Revolutionize your #OpenSource security with #SBOM! Discover how they're transforming #VulnerabilityManagement in the #DevSecOps era. Learn about new use-cases, benefits, and real-world impacts. https://anchore.com/blog/sboms-and-vulnerability-scanning-oss-security-for-devsecops/

#OpenSource: Meldungen, dass Cyberkriminelle Open-Source-Software mit gefährlichen Exploits oder Backdoors infiltrieren, häufen sich. Tickt in der frei verfügbaren Software eine Security-Zeitbombe? Wie können sich insbesondere Entwickler vor gefährlichen Backdoors oder Malware schützen?

Statement from Lorin Samija, #SySS

#OpenSource: Meldungen, dass Cyberkriminelle Open-Source-Software mit gefährlichen Exploits oder Backdoors infiltrieren, häufen sich - Open-Source - Tickt in der frei verfügbaren Software eine Security-Zeitbombe? Wie können sich insbesondere Entwickler vor gefährlichen Backdoors oder Malware schützen?

Statement von Harold Butzbach, #Sysdig

#OpenSource: Reports that cybercriminals are infiltrating open source software with dangerous exploits or backdoors are on the rise. Is there a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware?

Statement from Nico Dekens, SANS Institute

#Exploit #Backdoor #OpenSourceSoftware #Developer #SecOps #DevSecOps #TimeBomb #Cybersecurity #Security #Cybercrime #Cybersicherheit
@SANSInstitute #Code

I've repeatedly referenced Tanya Janca's book, "Alice and Bob Learn Application Security," in weekly articles on secure coding practices that I send out to scores of hard working devs, BAs, architects, program managers, etc. The feedback has been excellent. Some have bought the book themselves. Thanks, Tanya! #infosec #cybersecurity #devsecops #appsec