If you find sensitive data in your Azure Repos repository, you need to do a number of things to recover. First of all you'll need to invalidate the tokens and passwords that were once public. Once a secret is public on the internet, you should assume it's in the hands of attackers and react accordingly.
The following is a best practice guideline from our series of 8 Azure Repos security best practices. 3. Tightly control access to your Azure Repos. Here in the UK, when it gets really, really hot (read: mildly warm) us Brits tend to open all the windows in the house to make […]
The following is a best practice guideline from our series of 8 Azure Repos security best practices. 4. Add a SECURITY.md file to your Azure Repos. It’s natural for most project owners and maintainers to add a README.md for their repository. In fact, these days it’s expected and it’s quite frowned […]
Two-Factor Authentication (2FA) adds an additional level of security to your account by requiring not just a username and password, but also a unique code from an authenticator application or sent to you by SMS. This ensures that even if your password is compromised, an attacker can't log in to your account without also having your cell phone.
By adding Snyk’s native integration with Azure Repos, each pull request will be tested to ensure new vulnerabilities aren’t introduced into the code base. Policies can be defined to configure the severity level of a vulnerability that fails the merge. The following image displays a failed PR due to new vulnerabilities that it would have added:
Azure Repos access is typically done using SSH keys or personal access tokens (in lieu of a password). But what happens if those tokens are stolen and you didn’t know? Be sure to refresh your keys and tokens periodically, mitigating any damage caused by keys that leaked out.
Following the rule of least privilege, ensure that contributors exist in the correct groups and therefore have the necessary permissions to work. Try to restrict administrative actions where possible.
Docker Hub may have reset your account details if it detected that it was part of the breach. What could potentially happen? What should I do to protect my code?
We’re delighted to announce a new partnership with the Linux Foundation to support the launch of CommunityBridge, the Foundation’s new funding and innovation platform designed to empower open source developers - and the individuals and organizations who support them - to advance sustainability, security, and diversity in open source technology.
Introduction In this post, we’ll look deeper into Docker images and the container ecosystems that were covered in our State of Open Source Security report, including our finding that the top ten Docker images contain over 8,000 vulnerable paths. We are excited to help our community better understand Docker security. Since the previous State of […]
Snyk now integrates with Bitbucket Pipes, which allows Bitbucket users to secure their continuous integration/continuous delivery (CI/CD) workflow by finding, fixing and monitoring open-source vulnerabilities (vulns) in their application or Docker image dependencies.