open source
Allstar app helps enforce security best practices for GitHub projects
Google and the Open Source Security Foundation (OpenSSF) have released Allstar, an app that allows organizations / owners of GitHub repositories to set up security policy …
How to harden Kubernetes systems and minimize risk
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a report which details threats to Kubernetes environments and …
Open source software plays an important role in the success of leading organizations
DataStax unveiled research findings that show how leading organizations are winning with data, and how others can close the gap. Through insights from over 500 technology …
Regula: Open source policy engine for IaC security
Fugue announced Regula 1.0, an open source policy engine for infrastructure as code (IaC) security. Available at GitHub, the tool includes support for common IaC tools such as …
Most third-party libraries are never updated after being included in a codebase
79% percent of the time, third-party libraries are never updated by developers after being included in a codebase – despite the fact that more than two thirds of fixes …
New tool allows organizations to customize their ATT&CK database
MITRE Engenuity has released ATT&CK Workbench, an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber …
Open source UChecker tool detects vulnerable libraries on Linux servers
CloudLinux announced UChecker, a free open source tool that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides …
New Google tool reveals dependencies for open source projects
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security …
Kali Linux 2021.2 released: Kaboxer, Kali-Tweaks, new tools, and more!
Offensive Security has released Kali Linux 2021.2, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux …
Open-source tool Yor automatically tags IaC resources for traceability and auditability
Yor is an open-source tool from Palo Alto Networks that automatically tags cloud resources within infrastructure as code (IaC) frameworks such as Terraform, Cloudformation, …
University of Minnesota researchers fail to understand consent
You’d think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. Yet, a group of researchers from the University of …
Infrastructure drift: A multidimensional problem with the need for new DevSecOps tools
As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of factors involved when running …
Featured news
Resources
Don't miss
- The hidden gaps in your asset inventory, and how to close them
- CTM360 report: Ransomware exploits trust more than tech
- Lumma Stealer Malware-as-a-Service operation disrupted
- Data-stealing VS Code extensions removed from official Marketplace
- Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)