We'll be at Black Hat in Las Vegas! Connect with us in person -->

Blog Contact Us Sign In
Platform
Platform - ASPM Icon
Application Security Posture Management (ASPM)
Platform - Secrets Detection & Prevention
Secrets Detection & Prevention
Platform - Continuous Compliance and SBOM Icon
Continuous Compliance and SBOM
Platform - Software Supply Chain Security SSCS Icon
Software Supply Chain Security (SSCS)
Platform - AI Security Posture Management (AI-SPM) Icon
AI Security Posture Management (AI-SPM)
Platform - AppSec Vulnerability Management Icon
AppSec Vulnerability Management
Integrations
Why Legit
Why Legit - Customers Icon
Customers
Resources
Resources - Blog Icon
Blog
Resources - Resource Library Icon
Resource Library
Resources - Open Source with Legitify Icon
Open Source w/ Legitify
Resources - Events Icon
Events
Company - About Legit Icon 2
ASPM Knowledge Base
Company
Company - Partners Icon
Partners
Company - About Legit Icon 2
About Legit
Company - Press Releases Icon 1
Press Releases
Company - In the News Icon
In the News
Company - Careers Icon
Careers

Blogs about SCMs

    Content Type
    View All Application Security Best Practices Application Vulnerabilities AppSec ASPM Definitions and Explanations Best Practices CISO Compliance Cybersecurity Regulation Compliance DevOps Explainers Legit Partners SCMs Threats
    The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.
    AppSec Legit Threats SCMs

    Azure Devops Zero-Click CI/CD Vulnerability

    January 31, 2024

    The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.

    Read More
    Legitify is an open-source GitHub and GitLab configuration scanner from Legit Security that helps manage & enforce SCM configuration best practices in a secure and scalable way
    Legit SCMs

    Legitify adds support for GitLab and GitHub Enterprise Server

    January 25, 2023

    Legitify is an open-source GitHub and GitLab configuration scanner from Legit Security that helps manage & enforce SCM configuration best practices in a secure and scalable way

    Read More
    New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
    Threats SCMs

    Novel Pipeline Vulnerability Discovered; Rust  Found Vulnerable

    December 01, 2022

    New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.

    Read More
    Legitify is an open-source GitHub configuration scanner from Legit Security that helps manage & enforce GitHub configurations in a secure and scalable way
    Legit SCMs

    Introducing Legitify: A Better Way To Secure GitHub

    October 05, 2022

    Legitify is an open-source GitHub configuration scanner from Legit Security that helps manage & enforce GitHub configurations in a secure and scalable way

    Read More
    GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.
    Best Practices SCMs

    GitHub Codespaces Security Best Practices

    September 28, 2022

    GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.

    Read More
    GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.
    Threats SCMs

    Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

    September 08, 2022

    GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.

    Read More
    Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.
    Legit Threats SCMs

    Google & Apache Found Vulnerable to GitHub Environment Injection

    September 01, 2022

    Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.

    Read More
    Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.
    Threats SCMs

    Breaking News: How a Massive Malware Attack Almost Occurred on GitHub

    August 03, 2022

    Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.

    Read More
    Is GitHub safe? Discover how developers can avoid misconfigurations and vulnerabilities to ensure secure collaboration on GitHub.
    Best Practices SCMs

    Secure GitHub: How to Keep Your Code and Pipelines Safe from Hackers

    June 20, 2022

    Is GitHub safe? Discover how developers can avoid misconfigurations and vulnerabilities to ensure secure collaboration on GitHub.

    Read More
    This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.
    Best Practices SCMs

    GitHub Security Best Practices Your Team Should Be Following

    May 31, 2022

    This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.

    Read More
    We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
    Best Practices Legit Threats SCMs

    Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks

    May 02, 2022

    We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.

    Read More
    This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.
    Explainers Threats SCMs

    Latest GitHub OAuth Tokens Attack Explained and How to Protect Yourself

    April 18, 2022

    This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.

    Read More
    On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.
    Threats SCMs

    A Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)

    April 06, 2022

    On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.

    Read More
    Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
    Best Practices Legit Threats SCMs

    Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

    April 04, 2022

    Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.

    Read More
    What are secrets in source code, why they must be protected, and how to keep them safe.
    Explainers Threats SCMs

    Detecting Secrets in Your Source Code

    March 11, 2022

    What are secrets in source code, why they must be protected, and how to keep them safe.

    Read More

    Request a Demo

    Request a demo including the option to analyze your own software supply chain.

    Request a Demo