How scanning GitHub can help secure the open-source software supply chain

October 4, 2022
Supply chain security attacks have changed cybersecurity forever. Ever since President Biden released his Executive Order on Improving the Nation’s Cybersecurity following the Log4j and SolarWinds breach debacles, open-source security has been a top priority for organizations.

In fact, research shows that 73% of organizations have adopted measures to secure their software supply chains.

Continuing this trend, SaaS security provider Legit Security today announced the launch of Legitify, a new open-source security tool designed to help enterprises secure their GitHub implementations. The solution will enable security and devops teams to scan GitHub configurations at scale and ensure the integrity of open-source software. 

GitHub supports over 1.5 million organizations and plays an integral role in many organizations’ software supply chains as a source-code management (SCM) solution for storing code updates and identifying issues. 


Securing GitHub against the open-source onslaught

It’s no secret that vulnerabilities in open-source projects can be devastating. For instance, the remote code execution vulnerability in Log4j was used in over 840,000 attacks within 72 hours of its discovery.

Legit Security believes that securing GitHub is key to securing the open-source software supply chain, because an exploited GitHub weakness gives an attacker a means to modify source code, harvest secrets and initiate a supply chain attack.


For instance, the company recently disclosed vulnerabilities in open-source projects from Google and Apache, including a “GitHub environment injection” in the Google Firebase project that would allow an attacker to take control of the project’s GitHub Actions CI/CD pipeline and modify the underlying source code.

GitHub occupies a unique place in the open-source ecosystem: it is very widely used, yet GitHub implementations are often hard to secure because discovering misconfigurations repository by repository is time-consuming.

“It’s difficult and time-consuming to consistently enforce security across large GitHub implementations, and GitHub misconfigurations are a very common source of vulnerabilities. Different individuals often deploy GitHub instances with different configurations and settings,” said Legit Security cofounder and CTO Liav Caspi. 

“However, manually enforcing consistency across large GitHub organizations is very labor-intensive and prone to human error. Legitify addresses this by allowing security teams and devops engineers to manage and enforce their GitHub configurations in a secure and scalable way,” Caspi said. 

Legitify answers these challenges by enabling users to scan GitHub implementations by a specific instance, resource type or entire organization via the command line so they can detect security issues, categorize their severity and review remediation steps.

Other GitHub scanning solutions 

It’s important to note that Legit Security’s tool isn’t the only one that scans GitHub-hosted code for security issues, although the alternatives below focus on the code itself rather than on GitHub configuration. GitHub Code Scanning, released in 2020, is a native solution that integrates with GitHub Actions to scan code as it’s developed and provides users with security reviews to identify vulnerabilities.

Another tool offering this capability is the SonarQube GitHub Action, which lets users run a SonarQube scanner to detect bugs and vulnerabilities in code written in over 20 programming languages. SonarQube’s parent company, SonarSource, raised $412 million in funding earlier this year to further its work scanning codebases for vulnerabilities.


“Legitify is a unique open-source security tool designed for large enterprise deployments of GitHub. Legitify connects to GitHub via an access token and detects issues across four resource types: member, repository, actions and organization,” Caspi said. 
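To make concrete what a configuration scan across the four resource types named above (organization, member, repository, actions) can look like, here is an added example in Python. It is not Legitify’s code and does not reproduce its rule set; the checks are illustrative, and the input is a constructed snapshot whose field names mirror GitHub REST API responses (the `two_factor` flag per member is an assumption, since GitHub exposes it only through the `filter=2fa_disabled` member listing).

```python
from collections import namedtuple
# One finding per misconfiguration; resource is organization, member, repository or actions.
Finding = namedtuple("Finding", "resource target severity message")

def check_organization(org):  # org: shaped like the GET /orgs/{org} response
    out = []
    if not org.get("two_factor_requirement_enabled"):
        out.append(Finding("organization", org["login"], "high", "2FA not required for members"))
    if org.get("members_can_create_public_repositories"):
        out.append(Finding("organization", org["login"], "medium", "any member may create public repos"))
    return out
def check_members(members):  # two_factor is a constructed flag (GitHub exposes it via filter=2fa_disabled)
    return [Finding("member", m["login"], "high" if m["role"] == "admin" else "medium",
                    f"{m['role']} account without 2FA") for m in members if not m["two_factor"]]
def check_repository(repo, protection):  # protection: GET .../branches/{b}/protection, or None if no rule
    name = repo["full_name"]
    if protection is None:
        return [Finding("repository", name, "high", f"no protection rule on {repo['default_branch']}")]
    out = []
    if protection.get("allow_force_pushes", {}).get("enabled"):
        out.append(Finding("repository", name, "high", "force pushes allowed on default branch"))
    if protection.get("required_pull_request_reviews", {}).get("required_approving_review_count", 0) < 1:
        out.append(Finding("repository", name, "medium", "no approving review required to merge"))
    return out
def check_actions(name, perms):  # perms: GET /repos/{o}/{r}/actions/permissions/workflow
    out = []
    if perms.get("default_workflow_permissions") == "write":
        out.append(Finding("actions", name, "high", "GITHUB_TOKEN defaults to write for workflows"))
    if perms.get("can_approve_pull_request_reviews"):
        out.append(Finding("actions", name, "medium", "workflows may approve pull requests"))
    return out
def scan(snapshot):  # run every check over one org snapshot; high-severity findings sort first
    findings = check_organization(snapshot["organization"]) + check_members(snapshot["members"])
    for r in snapshot["repositories"]:
        findings += check_repository(r["repo"], r["protection"])
        findings += check_actions(r["repo"]["full_name"], r["actions_permissions"])
    return sorted(findings, key=lambda f: (f.severity != "high", f.resource, f.target))

SAMPLE = {  # constructed snapshot of an imaginary organization, not real data
    "organization": {"login": "example-org", "two_factor_requirement_enabled": False},
    "members": [{"login": "alice", "role": "admin", "two_factor": False},
                {"login": "bob", "role": "member", "two_factor": True}],
    "repositories": [
        {"repo": {"full_name": "example-org/api", "default_branch": "main"}, "protection": None,
         "actions_permissions": {"default_workflow_permissions": "write"}},
        {"repo": {"full_name": "example-org/web", "default_branch": "main"},
         "protection": {"allow_force_pushes": {"enabled": True}, "required_pull_request_reviews": {}},
         "actions_permissions": {"default_workflow_permissions": "read"}}]}
```

Running `scan(SAMPLE)` on the constructed snapshot yields six findings, five of them high severity; in practice the snapshot would be built from API calls made with the access token the article mentions.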
