Checkov 3.0: Upgraded Open-Source Infrastructure-as-Code Security
Updates to Checkov’s open-source infrastructure-as-code security provides deeper Terraform scanning, improved secrets security, and simplified policy definitions.
Palo Alto Networks
DevSecOps
Abusing Repository Webhooks to Access Internal CI/CD Systems at Scale
Learn how attackers abuse repository webhooks to gain access to Jenkins instances and discover CI/CD security tips to protect your pipelines from attack.
How to Embrace Kubernetes Security With Checkov’s Graph Connections
Learn how Checkov’s graph-based security checks for Kubernetes can help protect your Kubernetes workloads from attack - without noisy alerts.
The Top 5 Secrets Management Mistakes and How to Avoid Them
Learn 5 common secrets management mistakes developers make while working with passwords, API keys, tokens, and other secrets.
Enhanced Pull Request Comments: Empower Developers to Ship Code That’s Secu...
Discover how pull request comments put security in the hands of developers with Prisma Cloud
Top 5 DevSecOps Tools to Help You Ship Secure Code Fast
Learn the top 5 DevSecOps tools you need to ship secure code fast and discover how to empower your team with frictionless, consolidated security.
Adopting Advanced Terraform Security Use Cases with Prisma Cloud
Learn 5 advanced Terraform security use cases and discover how Prisma Cloud partners with Hashicorp to streamline IaC security.
How to Think About DevSecOps for a Secure Future
Despite the technological advances of recent years (or perhaps because of them), the number of threats on the internet continues to rise. In fact, a 2022 survey from ThoughtLab found that the number of breaches...
It’s Not All Bad! Using Cloud Drift for Teachable Moments
Stack Overflow’s 2021 Developer Survey found that 54% of developers use AWS, yet only 7% use Terraform. That means that far more developers have adopted provisioning, managing and decommissioning cloud infrastr...
The Key to DevSecOps Success: Cross-Team Knowledge Sharing
A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and e...
From Manifest to Workload: Embedding Kubernetes Security at Each Phase of t...
Part of the answer is to identify and address security risks within the various components of Kubernetes itself as well as their configurations. You can do this by, for example, va...
Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in...
Developers leverage hardcoded credentials to seamlessly access or authenticate the services needed to build and deploy applications. While this practice streamlines development, it...
OpenSSL Vulnerability Rating Downgraded to High
OpenSSL patches high severity vulnerabilities that could impact Apache and Nginx web servers. Stay tuned for updates on CVE-2022-3786 & CVE-2022-3602.
Full-Stack Code Visibility With Prisma Cloud Software Bill of Materials (SB...
Learn how to get visibility into risk exposure and prevent supply chain attacks with software bill of materials (SBOM) generation capabilities.
DevSecOps and Value Stream Management
Combining Value Stream Management with the implementation and expansion of DevSecOps practices is becoming the best-of-breed approach for organizations. By having everything in a single stream with checks and balances integrated early and o...
Prisma Cloud: Leader in the GigaOm Radar for Developer Security Tools
Prisma Cloud was the only CNAPP to be named a Leader in the 2021 GigaOm Leader in Developer Security Tool report in recognition of our developer-frien...
Subscribe to the Newsletter!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.