14 matches found
EUVD-2023-2156
Malicious code in bioql PyPI...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2024-52582
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This...
Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)
The rise of APIs presents both opportunities and challenges in today’s hyperconnected digital world. APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in...
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who...
An End-to-End Approach to Next-Gen Security for Web Applications & APIs
According to Verizon’s 2022 Data Breach Investigations Report, web applications remain both the top hacking vector and data breach pattern, accounting for roughly 70% of security incidents. This is because web applications are everywhere and easily probed for weaknesses. A vulnerability in any...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective...
Workshop: Visibility Into Open Source Code
Learn how to leverage Trend Micro Cloud One - Open Source Security by Snyk with your code repositories and CI/CD pipelines to scan projects. Resulting in better visibility, tracking, and early awareness into open source issues...
Workshop: Visibility Into Open Source Code
Learn how to leverage Trend Micro Cloud One - Open Source Security by Snyk with your code repositories and CI/CD pipelines to scan projects. Resulting in better visibility, tracking, and early awareness into open source issues...
Broken pipelines for everyone!
With SonarQube 8.9 LTS, SonarSource has made failing the pipeline available for everyone, using any CI you want. For people watching for a long time, this might seem like a contradiction. Let me explain. Yes, we have gone back and forth for a while on this feature, but the user community has...
What are the benefits of SAST testing in CI/CD pipelines?
Static application security testing SAST is traditionally used in software development lifecycles both early on in the process and often to "white box" test all files containing source code. Integrating SAST into modern CI/CD pipelines allows developers to continuously monitor their code, providi...
Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline
After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we've published the new guide, Assess Vulnerabilities and...
RunC Container Breakout Vulnerability
Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious cod...
Visual Studio Security Extension: Puma Scan
Visual Studio Security Extension Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are...