How scanning GitHub can help secure the open-source software supply chain

October 4, 2022
Supply chain attacks have changed cybersecurity for good. Ever since President Biden released his Executive Order on Improving the Nation’s Cybersecurity in the wake of the Log4j and SolarWinds breaches, open-source security has been a top priority for organizations.

In fact, research shows that 73% of organizations have adopted measures to secure their software supply chains.

Continuing this trend, SaaS security provider Legit Security today announced the launch of Legitify, a new open-source security tool designed to help enterprises secure their GitHub implementations. The solution will enable security and devops teams to scan GitHub configurations at scale and ensure the integrity of open-source software. 

GitHub supports over 1.5 million organizations and plays an integral role in many organizations’ software supply chains as a source-code management (SCM) solution for storing code updates and identifying issues. 

Securing GitHub against the open-source onslaught

It’s no secret that vulnerabilities in open-source projects can be devastating. For instance, the remotely exploitable Log4j vulnerability was used in over 840,000 attacks within 72 hours of its discovery. 

Legit Security believes that securing GitHub is key to securing the open-source software supply chain, because a compromised GitHub environment gives an attacker a means to modify source code, harvest secrets and launch a supply chain attack. 

For instance, the company recently disclosed vulnerabilities in open-source projects from Google and Apache, including a “GitHub environment injection” in the Google Firebase project that allowed an attacker to take control of the project’s GitHub Actions CI/CD pipeline and modify the underlying source code.

GitHub occupies a unique place in the open-source ecosystem: it is very widely used, yet GitHub implementations are often hard to secure because discovering misconfigurations repository by repository is time-consuming. 

“It’s difficult and time-consuming to consistently enforce security across large GitHub implementations, and GitHub misconfigurations are a very common source of vulnerabilities. Different individuals often deploy GitHub instances with different configurations and settings,” said Legit Security cofounder and CTO Liav Caspi. 

“However, manually enforcing consistency across large GitHub organizations is very labor-intensive and prone to human error. Legitify addresses this by allowing security teams and devops engineers to manage and enforce their GitHub configurations in a secure and scalable way,” Caspi said. 

Legitify answers these challenges by enabling users to scan GitHub implementations by a specific instance, resource type or entire organization via the command line so they can detect security issues, categorize their severity and review remediation steps.

Other GitHub scanning solutions 

It’s important to note that Legit Security’s tool isn’t the only one capable of scanning code hosted on GitHub for security issues. GitHub Code Scanning, released in 2020, is a native solution that integrates with GitHub Actions to scan code as it’s developed and gives users security reviews that identify vulnerabilities. 

Another tool offering this capability is SonarQube GitHub Action, which allows the user to employ a SonarQube scanner to detect bugs and vulnerabilities in code in over 20 programming languages. SonarQube’s parent company, SonarSource, raised $412 million in funding earlier this year to scan codebases for vulnerabilities. 

“Legitify is a unique open-source security tool designed for large enterprise deployments of GitHub. Legitify connects to GitHub via an access token and detects issues across four resource types: member, repository, actions and organization,” Caspi said. 
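The article describes scanning GitHub configuration at scale, across the four resource types Caspi names (member, repository, actions and organization), then ranking findings by severity with remediation steps. The script below is an added example of that idea and is not Legitify’s code. It runs a set of policy checks over a constructed snapshot of configuration data whose field names follow the GitHub REST API (org settings, members without 2FA, repository branch protection, Actions permissions); the snapshot values, the check list and the severity assignments are assumptions chosen for illustration, not GitHub or Legitify policy.

```python
# Added example (not Legitify's code): policy checks over a constructed GitHub
# configuration snapshot, grouped into the four resource types from the article.
# Field names follow the GitHub REST API; values and thresholds are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    resource_type: str   # "member", "repository", "actions" or "organization"
    resource: str        # org, repo or user the finding applies to
    severity: str        # "HIGH", "MEDIUM" or "LOW"
    title: str
    remediation: str


SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Constructed snapshot (not real data), shaped like GET /orgs/{org},
# GET /orgs/{org}/members?filter=2fa_disabled, repo + branch protection
# objects, and GET /orgs/{org}/actions/permissions[/workflow].
SAMPLE_SNAPSHOT = {
    "organization": {
        "login": "example-org",
        "two_factor_requirement_enabled": False,
        "members_can_create_public_repositories": True,
        "default_repository_permission": "write",
    },
    "members_without_2fa": [{"login": "bob"}],
    "repositories": [
        {"name": "payments-api", "private": True, "default_branch": "main",
         "branch_protection": {
             "required_pull_request_reviews": {"required_approving_review_count": 1},
             "enforce_admins": {"enabled": True},
             "allow_force_pushes": {"enabled": False}}},
        {"name": "legacy-tool", "private": False, "default_branch": "master",
         "branch_protection": None},  # no protection rule on the default branch
    ],
    "actions": {"allowed_actions": "all", "default_workflow_permissions": "write"},
}


def check_organization(org):
    name, out = org["login"], []
    if not org.get("two_factor_requirement_enabled"):
        out.append(Finding("organization", name, "HIGH", "2FA not required for members",
                           "Enable 'Require two-factor authentication' for the org."))
    if org.get("members_can_create_public_repositories"):
        out.append(Finding("organization", name, "MEDIUM", "Members may create public repos",
                           "Limit member repository creation to private/internal."))
    if org.get("default_repository_permission") in ("write", "admin"):
        out.append(Finding("organization", name, "MEDIUM", "Base permission grants write",
                           "Set the base repository permission to 'read' or 'none'."))
    return out


def check_members(members_without_2fa):
    return [Finding("member", m["login"], "HIGH", "Member has 2FA disabled",
                    "Ask the user to enable 2FA, or remove them until they do.")
            for m in members_without_2fa]


def check_repository(repo):
    name, branch, prot = repo["name"], repo["default_branch"], repo.get("branch_protection")
    if prot is None:
        return [Finding("repository", name, "HIGH", f"Default branch '{branch}' unprotected",
                        "Add a branch protection rule requiring reviewed pull requests.")]
    out = []
    reviews = prot.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        out.append(Finding("repository", name, "MEDIUM", "No approving review required",
                           "Require at least one approving review before merge."))
    if (prot.get("allow_force_pushes") or {}).get("enabled"):
        out.append(Finding("repository", name, "MEDIUM", "Force pushes allowed",
                           "Disable 'Allow force pushes' on the default branch."))
    if not (prot.get("enforce_admins") or {}).get("enabled"):
        out.append(Finding("repository", name, "LOW", "Admins can bypass protection",
                           "Enable 'Do not allow bypassing the above settings'."))
    return out


def check_actions(actions):
    out = []
    if actions.get("allowed_actions") == "all":
        out.append(Finding("actions", "org-wide", "MEDIUM", "Any third-party action may run",
                           "Allow only verified or explicitly selected actions."))
    if actions.get("default_workflow_permissions") == "write":
        out.append(Finding("actions", "org-wide", "HIGH", "GITHUB_TOKEN defaults to write",
                           "Set default workflow permissions to read-only."))
    return out


def scan(snapshot, resource_types=None):
    """Run all checks (or only selected resource types); most severe first."""
    findings = (check_organization(snapshot["organization"])
                + check_members(snapshot["members_without_2fa"])
                + [f for r in snapshot["repositories"] for f in check_repository(r)]
                + check_actions(snapshot["actions"]))
    if resource_types is not None:
        findings = [f for f in findings if f.resource_type in resource_types]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.resource_type))


def summarize(findings):
    """Count findings per severity, always listing all three levels."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_SNAPSHOT):
        print(f"[{f.severity}] {f.resource_type}:{f.resource} - {f.title}\n    fix: {f.remediation}")
    print(summarize(scan(SAMPLE_SNAPSHOT)))
```

Against the constructed snapshot the scan reports four HIGH and three MEDIUM findings: the well-configured `payments-api` repository produces none, while the unprotected `legacy-tool`, the missing org-wide 2FA requirement, the member without 2FA and the write-by-default workflow token are the high-severity items. The `resource_types` filter mirrors the “by resource type” scoping the article mentions; in a real deployment the snapshot would be fetched with an access token of the least scope the queries need and the checks extended with the organization’s own policy.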
