AST Platform Demo
The software world will always need devoted security innovators, and Checkmarx is fostering global partnerships to better meet the industry’s needs.
Businesses commonly turn to managed service providers to help handle IT processes like data backup and recovery, network management, and mobility management. Here’s another key type of managed...
Modern application development must address supply chain security risks. Software Composition Analysis (SCA) tools are part of, but not the complete solution. Vulnerable and malicious are two very...
Infrastructure as Code (IaC) is the description of infrastructure (clusters, virtual machines, networking, storage, etc.) with a declarative model and its subsequent management using the same...
Today CRN®, a brand of The Channel Company, announced its highly respected annual Women of the Channel list and I always look forward to seeing all of the amazing leaders who are featured each...
Modern Application Development (MAD) is an approach to developing software applications using cloud-native technologies. The main idea is to leverage newer emerging tools like K8s to bootstrap...
Malicious packages in multiple programming languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. The fact...
Intro: A few weeks ago, we wrote about a new threat actor we called RED-LILI and described their capabilities, including an in-depth walkthrough of the automated system for publishing malicious...
Checkmarx supply chain security has recently found a malicious PyPI package with more than 70,000 downloads using a technique we dubbed StarJacking - a way to make an open source package...
Now developers can utilize hassle-free security whenever they need it. The pace of software development is accelerating. The development team is under pressure to continuously deliver as App...
Following our recent blog post on what are open source licenses, their types, and their limitations, in this post, we will dive into the risks for being a non-compliant business, and how an...
What are Open Source (OS) Licenses? OS dependencies are being used very broadly among developers due to their amazing benefits. Studies show that ~85–97% of the software applications rely on OS...
On March 29th, 2022, two separate RCE (Remote Code Execution) vulnerabilities related to different Spring projects were published and discussed all over the internet. In addition, a third...
Does Protestware undermine the trustworthiness of OSS ecosystems? Two popular packages, “styled-components” and “es5-ext”, with millions of weekly downloads and thousands of dependent projects,...
SpringShell is a new vulnerability in Spring, the world’s most popular Java framework, which enables remote code execution (RCE) using ClassLoader access to manipulate attributes and setters....
The ultimate goal of any organization that has decided to build a new application is to create a product which will be used to support a specific process. Every group inside an organization can...