Facing the escalating number of reported Common Vulnerabilities and Exposures (CVEs), Veracode offers a solution providing comprehensive tools for detection and remediation of security vulnerabilities. The article further delves into how Veracode Collections contributes to overcoming limitations in traditional scanning approaches, allowing a more efficient and customized security review of complex microservice architectures.
English
Open-Source Software Vulnerability Mitigation through Automated Dependency Management
This article dives into the essentials and tactics for mastering automated dependency management, with a spotlight on Renovate.
Dockerfiles vs. Buildpacks vs. Jib
Containerization technology has become a cornerstone of modern software development but the tools and methods you choose for packaging your applications can impact your development workflow, deployment speed, and operational efficiency. In this Blogpost, we will look...
Zero-Trust-Architecture based on Anthos Service Mesh
A deep-dive into the topic of zero-trust architecture with a look on the history of zero-trust, an implementation example as well as the questions and challenges that arose during its implementation.
Microsoft Copilot: Testing the capabilities of Generative AI
In this article Thomas, Richard and Thomas demonstrate the usability of Microsoft’s Copilot. They highlight its usability, the possibility of integration and price points. All this is accompanied by an example of building your own Copilot for a real-world use-case.
Strikt – An assertion library for Kotlin
When writing tests, it’s not only about whether they really correctly test your code and how much coverage they achieve. One important thing is also how much information you’ll get when there is a failing test. Ever since I am using Kotlin, I am using the combination...
How to kick-start your Tools-Comparison Radar
This year we made a comparison of different tools. Our author Markus describes how we proceeded with the evaluation and what our takeaways were.
Open Source Tools for Software Supply Chain Security
In this article we show how you can improve the security of your software supply chain without spending money for software licenses. For this, we present useful open-source tools for automated dependency updates, vulnerability scanning of dependencies, license scanning, SBOM generation, secret detection and scanning of infrastructure as code for vulnerabilities and misconfiguration.
Software Supply Chain Security with Google Software Delivery Shield
Our authors Pascal and Bastian investigated the Google Software Delivery Shield which is Google’s fully managed solution for software supply chain security. In this article they describe how software supply chain security can be achieved during the different steps of the software development lifecycle with the Google Software Delivery Shield.
Introduction to Software Supply Chain Security
Our author Daniel gives an introduction into Software Supply Chain Security in software development processes and highlights its importance. The article stresses how neglecting security in the software development process can lead to successful attacks, compromising users’ data and systems. It also provides tips on achieving Software Supply Chain Security, including scanning for vulnerabilities, updating dependencies, and secret detection.