Recent supply chain attacks on npm have shaken confidence in how code is published and consumed. In response, GitHub is rolling out strong new security controls: mandatory 2FA for publishing, granular expiring tokens, and “trusted publishing” workflows to remove token exposure in CI pipelines. Check out the full article from DevOps for the full breakdown. https://bit.ly/47waWNR #SupplyChainSecurity #DevOps
GitHub introduces new security controls for npm after supply chain attacks
If you aren't familiar with the JFrog | GitHub Co-Development partnership, you are missing out on some seamless features that can enhance developer productivity. Make sure to check out the self-paced learning on the JFrog Academy.
🚀 Boost your #DevOps security in just 15 minutes... Learn how to integrate JFrog & GitHub with OIDC, streamline authentication, and keep your builds locked down: https://bit.ly/3VGqtoA #DevSecOps #GitHub
Monitoring Kubernetes shouldn't be guesswork. Use this checklist to catch performance issues, security gaps, and misconfigurations before they escalate. https://lnkd.in/gfs-MGwc #Kubernetes #DevOps #CloudNative #SiteReliability
Security shouldn’t be an afterthought. Sysdig's 𝗚𝗿𝗮𝗻𝗱 𝗔𝘁𝗹𝗮𝘀 𝗼𝗳 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 outlines how teams can build protection into every stage of DevOps — from code and CI/CD to registries and runtime — so teams can move fast 𝘢𝘯𝘥 stay secure. This is an extremely useful resource for anyone navigating #DevOps + security. Explore the guide: https://okt.to/DZz1Lt Drop me a note if you'd like to know more!
🚨 The Shai Hulud incident highlights the ongoing risks in software supply chains. Matt Saunders, our VP of DevOps, has spoken about how simply updating dependencies isn't enough. Without cryptographic checks, organisations can inadvertently introduce malicious code, even when using “known good” versions. At Adaptavist we help teams combine version management with robust verification practices, ensuring the code you rely on is the code you intended to use. 👉 Learn more: https://ow.ly/M3sT50WZtL8 #DevOps #SoftwareSecurity #SupplyChainSecurity #Adaptavist
Hardcoding passwords in pipelines? Please don’t. Credentials are often the weakest link in CI/CD. If exposed, they can compromise your entire environment. Jenkins provides secure ways to manage credentials.

Best practices:
- Store secrets in Jenkins Credentials Manager, not in code
- Inject credentials at runtime with environment bindings
- Use withCredentials in pipelines to handle passwords, tokens, or keys
- Restrict access with proper RBAC controls

This keeps sensitive data out of your codebase and logs, while making pipelines both safe and maintainable. How do you currently secure credentials in your Jenkins pipelines—built-in store, external vault, or something else? #JenkinsWednesday #Jenkins #CICD #DevOps #Security #Automation