Legit Security Blog

Forget Everything You Thought You Knew About DevOps and Security

DevOps isn’t a new concept. It was first coined around 2009 by Patrick Debois as a way to describe not only technology and standards, but also an associated culture. In many ways, this marked the birth of the “DevOps movement”.

What Are Immutable Tags And Can They Protect You From Supply Chain Attacks?

Artifacts, such as container images, are referenced during the development lifecycle using tags – a readable short name (usually a version like...

Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks

In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...

Re-thinking Application Security for DevSecOps and Scale

Application Security (AppSec) has been around for decades, but it has fallen behind application development advancements like DevOps and cloud. How...

Latest GitHub OAuth Tokens Attack Explained and How to Protect Yourself

On Friday April 15, GitHub Security announced it had detected the compromise of OAuth access tokens issued to Heroku and Travis-CI integrations to...

What is an SBOM? SBOM explained in 5 minutes

SBOM stands for Software Bill Of Materials: a nested description of software artifact components and metadata. This information can also include...

A Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)

On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important...

Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...

Detecting Secrets in Your Source Code

Exposed secrets in source code pose a risk to you, your team and your entire organization. But what are secrets exactly? How do they become exposed?...

Announcing Legit Security: The Story Behind Our Mission

I'm excited to share that Legit Security is officially launching out of stealth mode. While in stealth, we’ve been incredibly busy acquiring our...
