ANNOUNCEMENT: Legit Secrets Detection & Prevention 2.0! Read more about all the new capabilities --> 

Blog Contact Us Sign In
Platform
Platform - ASPM Icon
Application Security Posture Management (ASPM)
Platform - Secrets Detection & Prevention
Secrets Detection & Prevention
Platform - Continuous Compliance and SBOM Icon
Continuous Compliance and SBOM
Platform - Software Supply Chain Security SSCS Icon
Software Supply Chain Security (SSCS)
Platform - AI Security Posture Management (AI-SPM) Icon
AI Security Posture Management (AI-SPM)
Platform - AppSec Vulnerability Management Icon
AppSec Vulnerability Management
Integrations
Why Legit
Why Legit - Customers Icon
Customers
Resources
header mobile nav icon
Resources
Resources - Blog Icon
Blog
Resources - Resource Library Icon
Resource Library
Resources - Open Source with Legitify Icon
Open Source w/ Legitify
Resources - Events Icon
Events
Company
Company - Partners Icon
Partners
Company - About Legit Icon 2
About Legit
Company - Press Releases Icon 1
Press Releases
Company - In the News Icon
In the News
Company - Careers Icon
Careers

Blogs about Threats

    Content Type
    View All AppSec Best Practices CISO Compliance DevOps Explainers Legit Partners SCMs SLSA Threats
    What is privilege escalation? Learn how attackers exploit it, ways to prevent such attacks, and strengthen your defenses from unauthorized access.
    Best Practices AppSec Legit Threats

    What Is Privilege Escalation? Types, Examples, and Prevention

    December 19, 2024

    What is privilege escalation? Learn how attackers exploit it, ways to prevent such attacks, and strengthen your defenses from unauthorized access.

    Read More
    Learn what a zero-day vulnerability is, how these exploits work, and the best strategies to prevent attacks. Stay ahead of threats and protect your systems.
    Explainers Threats

    What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks

    December 12, 2024

    Learn what a zero-day vulnerability is, how these exploits work, and the best strategies to prevent attacks. Stay ahead of threats and protect your systems.

    Read More
    Protect your database with effective SQL injection prevention strategies. Secure your systems and stop attackers from exploiting vulnerabilities today.
    Explainers Best Practices Threats

    SQL Injection Prevention: 6 Strategies

    December 04, 2024

    Protect your database with effective SQL injection prevention strategies. Secure your systems and stop attackers from exploiting vulnerabilities today.

    Read More
    This guide explains CMMC Level 2 requirements and how to achieve compliance. Help your business meet essential cybersecurity standards.
    Explainers Best Practices Threats Compliance

    CMMC Level 2 Requirements: A Guide to Achieving Compliance

    December 04, 2024

    This guide explains CMMC Level 2 requirements and how to achieve compliance. Help your business meet essential cybersecurity standards.

    Read More
    Discover how secrets scanning protects sensitive data beyond source code, including documentation, developer tools, and artifacts.
    SLSA DevOps Explainers Best Practices AppSec Threats Compliance

    Secrets Scanning: How It Works and Why It’s Important

    December 04, 2024

    Discover how secrets scanning protects sensitive data beyond source code, including documentation, developer tools, and artifacts.

    Read More
    Learn essential API key security best practices to protect sensitive data, prevent unauthorized access, and secure your applications.
    SLSA Explainers Best Practices AppSec Threats Compliance

    API Key Security Best Practices: Secure Sensitive Data

    December 04, 2024

    Learn essential API key security best practices to protect sensitive data, prevent unauthorized access, and secure your applications.

    Read More
    Explore the NYDFS cybersecurity regulation, who needs to comply, and its requirements. Learn how to ensure compliance with this essential framework.
    CISO Explainers Best Practices Threats Compliance

    Understanding the NYDFS Cybersecurity Regulation

    November 25, 2024

    Explore the NYDFS cybersecurity regulation, who needs to comply, and its requirements. Learn how to ensure compliance with this essential framework.

    Read More
    Learn what CMMC compliance requirements are and when they’re required. Get an overview of CMMC and how Legit Security can help you achieve certification.
    CISO Explainers Best Practices Threats Compliance

    CMMC Compliance Requirements: A Complete Guide

    November 25, 2024

    Learn what CMMC compliance requirements are and when they’re required. Get an overview of CMMC and how Legit Security can help you achieve certification.

    Read More
    Learn essential CI/CD security practices to protect your pipeline from vulnerabilities and ensure safe and efficient development and deployment processes.
    DevOps Best Practices AppSec Threats Compliance

    What Is CI/CD Security? Risks and Best Practices

    November 25, 2024

    Learn essential CI/CD security practices to protect your pipeline from vulnerabilities and ensure safe and efficient development and deployment processes.

    Read More
    AI cybersecurity tools can strengthen your security strategy and save time. Here’s a curated list of the best AI tools to protect your business.
    CISO Explainers Best Practices AppSec Threats

    7 Best AI Cybersecurity Tools for Your Company

    November 21, 2024

    AI cybersecurity tools can strengthen your security strategy and save time. Here’s a curated list of the best AI tools to protect your business.

    Read More
    PCI DSS is essential for protecting cardholder data. Here’s a guide to help you understand PCI DSS self-assessment and if it’s the right compliance path for you.
    CISO DevOps Explainers Best Practices AppSec Threats SCMs Compliance

    PCI DSS Self-Assessment Questionnaires: Choosing the Right Type

    October 29, 2024

    PCI DSS is essential for protecting cardholder data. Here’s a guide to help you understand PCI DSS self-assessment and if it’s the right compliance path for you.

    Read More
    Discover what a cybersecurity audit is and explore the types of security audits to ensure compliance, protect your systems, and mitigate potential risks.
    SLSA Explainers Best Practices AppSec Threats Compliance

    Types of Security Audits: Overview and Best Practices

    October 21, 2024

    Discover what a cybersecurity audit is and explore the types of security audits to ensure compliance, protect your systems, and mitigate potential risks.

    Read More
    Explore the NIST AI Risk Management Framework and learn how it helps organizations manage AI risks. Discover its core components and implementation steps.
    Best Practices Threats

    NIST AI Risk Management Framework Explained

    October 08, 2024

    Explore the NIST AI Risk Management Framework and learn how it helps organizations manage AI risks. Discover its core components and implementation steps.

    Read More
    Ensure compliance and reduce risks with top SBOM solutions. Discover the best SBOM tools to manage and secure your software components.
    SLSA AppSec Threats SCMs Compliance

    SBOM Tools and Alternatives to Assess and Protect Your Software

    September 16, 2024

    Ensure compliance and reduce risks with top SBOM solutions. Discover the best SBOM tools to manage and secure your software components.

    Read More
    Discover why software supply chain vulnerability protection is important and how to effectively safeguard your business.
    Best Practices AppSec Threats Compliance

    Software Supply Chain Vulnerability Protection 101

    September 16, 2024

    Discover why software supply chain vulnerability protection is important and how to effectively safeguard your business.

    Read More
    Maintaining security posture is key to protecting organizations against cyberattacks. Here’s how to improve your security posture and keep your business safe.
    Best Practices AppSec Threats

    How to Strengthen and Improve Your Company's Security Posture

    September 12, 2024

    Maintaining security posture is key to protecting organizations against cyberattacks. Here’s how to improve your security posture and keep your business safe.

    Read More
    Legit Security | How to Mitigate the Risk of GitHub Actions. Get highlights of our research into the security of GitHub Actions, and our advice on mitigating the risk.
    CISO Best Practices AppSec Threats

    How to Mitigate the Risk of GitHub Actions

    September 09, 2024

    How to Mitigate the Risk of GitHub Actions. Get highlights of our research into the security of GitHub Actions, and our advice on mitigating the risk.

    Read More
    Legit Security | The Risks Lurking in Publicly Exposed GenAI Development Services. Get our research team's analysis of the security of GenAI development services.
    Best Practices AppSec Threats

    The Risks Lurking in Publicly Exposed GenAI Development Services

    August 28, 2024

    The Risks Lurking in Publicly Exposed GenAI Development Services. Get our research team's analysis of the security of GenAI development services.

    Read More
    Legit Security | ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams. Find out how your peers are managing application security challenges. 
    CISO Best Practices AppSec Threats

    ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams

    August 16, 2024

    ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams. Find out how your peers are managing application security challenges. 

    Read More
    Legit Security | Security Challenges Introduced by Modern Software Development. Understand how modern software development is changing security threats.
    Best Practices AppSec Threats

    Security Challenges Introduced by Modern Software Development

    June 13, 2024

    Security Challenges Introduced by Modern Software Development. Understand how modern software development is changing security threats.

    Read More
    Legit Security | Don't Protect Your Software Supply Chain, Defend the Entire Software Factory. Find out why a too-narrow definition of
    Best Practices AppSec Threats

    Don’t Protect Your Software Supply Chain, Defend the Entire Software Factory

    June 05, 2024

    Don't Protect Your Software Supply Chain, Defend the Entire Software Factory. Find out why a too-narrow definition of "supply chain" may be hindering software security efforts.

    Read More
    Legit Security | Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development. Understand why securing build systems is as important as securing production systems.
    Best Practices AppSec Threats

    Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development

    May 21, 2024

    Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development. Understand why securing build systems is as important as securing production systems.

    Read More
    Legit Security | New Survey Finds a Paradox of Confidence in Software Supply Chain Security. Get results of and analysis on ESG's new survey on supply chain security.
    Best Practices AppSec Threats

    New Survey Finds a Paradox of Confidence in Software Supply Chain Security

    May 17, 2024

    New Survey Finds a Paradox of Confidence in Software Supply Chain Security. Get results of and analysis on ESG's new survey on supply chain security.

    Read More
    Legit Security | Verizon 2024 DBIR Key Takeaways. Get key data points and takeaways from the 2024 Verizon Data Breach Investigations Report.
    Best Practices AppSec Threats

    Verizon 2024 DBIR: Key Takeaways

    May 13, 2024

    Verizon 2024 DBIR Key Takeaways. Get key data points and takeaways from the 2024 Verizon Data Breach Investigations Report.

    Read More
    Legit Security | Dependency Confusion Vulnerability Found in an Archived Apache Project. Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project.
    Explainers Best Practices AppSec Threats

    Dependency Confusion Vulnerability Found in an Archived Apache Project 

    April 22, 2024

    Dependency Confusion Vulnerability Found in an Archived Apache Project. Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project.

    Read More
    Legit Security | Securing the Software Supply Chain: Risk Management Tips. Securing the software supply chain can seem daunting, but with the right strategy, you can optimize your software supply chain risk management practices.
    Explainers Best Practices AppSec Legit Threats

    Securing the Software Supply Chain: Risk Management Tips

    April 01, 2024

    Securing the Software Supply Chain: Risk Management Tips. Securing the software supply chain can seem daunting, but with the right strategy, you can optimize your software supply chain risk management practices.

    Read More
    Legit Security | What You Need to Know About the XZ Utils Backdoor.
    AppSec Legit Threats

    What You Need to Know About the XZ Utils Backdoor

    March 30, 2024

    What You Need to Know About the XZ Utils Backdoor.

    Read More
    Legit Security | How to Get the Most From Your Secrets Scanning. Secret scanning is essential for unlocking next-level software supply chain security. Get tips & best practices for optimal secret scanning to secure your code.
    Best Practices AppSec Legit Threats

    How to Get the Most From Your Secrets Scanning

    March 25, 2024

    How to Get the Most From Your Secrets Scanning. Secret scanning is essential for unlocking next-level software supply chain security. Get tips & best practices for optimal secret scanning to secure your code.

    Read More
    Legit Security | Microsoft Under Attack by Russian Cyberattackers. Understand how these attackers are operating and what their tactics mean for security strategies.
    Best Practices AppSec Legit Threats

    Microsoft Under Attack by Russian Cyberattackers

    March 15, 2024

    Microsoft Under Attack by Russian Cyberattackers. Understand how these attackers are operating and what their tactics mean for security strategies.

    Read More
    The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.
    AppSec Legit Threats SCMs

    Azure Devops Zero-Click CI/CD Vulnerability

    January 31, 2024

    The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.

    Read More
    Legit Security | In this blog series, we uncover the challenges of adopting SLSA provenance and discuss methods for overcoming those challenges.
    AppSec Threats

    SLSA Provenance Blog Series, Part 4: Implementation Challenges for SLSA Provenance for Enterprises

    January 24, 2024

    In this blog series, we uncover the challenges of adopting SLSA provenance and discuss methods for overcoming those challenges.

    Read More
    Learn how vulnerable self-hosted runners can lead to severe software supply chain attacks.
    DevOps AppSec Threats

    GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

    January 18, 2024

    Learn how vulnerable self-hosted runners can lead to severe software supply chain attacks.

    Read More
    Legit Security | In this blog series, we uncover the challenges of adopting SLSA provenance and discuss methods for overcoming those challenges.
    AppSec Threats

    SLSA Provenance Blog Series, Part 3: The Challenges of Adopting SLSA Provenance

    December 28, 2023

    In this blog series, we uncover the challenges of adopting SLSA provenance and discuss methods for overcoming those challenges.

    Read More
    Legit Security | Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.
    Legit Threats

    Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform

    October 24, 2023

    Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.

    Read More
    Explore the security risks of generative AI, including code opacity and embedding concerns, in the evolving landscape of AI and LLMs.
    Threats

    Top Risks of Ignoring AI Code in Your Organization & LLM Embedding

    October 10, 2023

    Explore the security risks of generative AI, including code opacity and embedding concerns, in the evolving landscape of AI and LLMs.

    Read More
    Legit Security | Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.
    Best Practices AppSec Threats

    Emerging Risks with Embedded LLM in Applications

    August 02, 2023

    Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.

    Read More
    Legit Security | This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.
    Legit Threats

    How We Found Another GitHub Actions Environment Injection Vulnerability in a Google Project

    July 03, 2023

    This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.

    Read More
    Legit Security | On May 20th, PyPI (the official Python Package manager) announced they are temporarily suspending new users and new project registration.
    Explainers AppSec Threats

    Supply Chain Attacks Overflow: PyPI Suspended New Registrations

    May 22, 2023

    On May 20th, PyPI (the official Python Package manager) announced they are temporarily suspending new users and new project registration.

    Read More
    Discover the SLSA framework, designed to ensure the integrity of software artifacts and enhance overall software supply chain security.
    AppSec Threats

    Deep Dive Into SLSA Provenance and Software Attestation

    May 10, 2023

    Discover the SLSA framework, designed to ensure the integrity of software artifacts and enhance overall software supply chain security.

    Read More
    Legit Security | In this blog series, we uncover the details of SLSA provenance which refers to the ability to trust the authenticity of artifacts.
    AppSec Threats

    SLSA Provenance Blog Series, Part 1: What Is Software Attestation

    May 09, 2023

    In this blog series, we uncover the details of SLSA provenance which refers to the ability to trust the authenticity of artifacts.

    Read More
    Explore the risks of secret exposure through leaked source code & why traditional scanners may not fully protect against it. Learn effective security strategies for secrets in the SDLC.
    AppSec Threats

    5 Ways Attackers Exploit Hardcoded Secrets & How to Prevent

    April 25, 2023

    Explore the risks of secret exposure through leaked source code & why traditional scanners may not fully protect against it. Learn effective security strategies for secrets in the SDLC.

    Read More
    Legit Security | Protect your business from the serious consequences of code leaks by taking proactive measures to enhance your cybersecurity posture.
    Best Practices Threats

    The Business Risks and Costs of Source Code Leaks and Prevention Tips

    April 24, 2023

    Protect your business from the serious consequences of code leaks by taking proactive measures to enhance your cybersecurity posture.

    Read More
    Legit Security | 3CX, an international VoIP IPBX software, experienced software supply chain attack. We detail what occurred, and how it can be prevented.
    Explainers AppSec Threats

    Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

    March 31, 2023

    3CX, an international VoIP IPBX software, experienced software supply chain attack. We detail what occurred, and how it can be prevented.

    Read More
    Legit Security | Our team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a pipeline.
    Threats

    Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

    March 30, 2023

    Our team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a pipeline.

    Read More
    Discover top cloud security threats and learn effective techniques to keep your cloud applications secure year-round.
    Explainers Best Practices Threats

    Top 8 Cloud Application Security Challenges and Issues

    March 14, 2023

    Discover top cloud security threats and learn effective techniques to keep your cloud applications secure year-round.

    Read More
    Legit Security | Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.
    Best Practices Legit Threats

    Exposing Secrets Via SDLC Tools: The Artifactory Case

    February 28, 2023

    Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.

    Read More
    Legit Security | We investigate how sensitive information can get exposed via AppSec tools that you use in your dev pipeline, using the SonarQube Case.
    Threats

    Exposing Secrets Via SDLC Tools: The SonarQube Case

    January 19, 2023

    We investigate how sensitive information can get exposed via AppSec tools that you use in your dev pipeline, using the SonarQube Case.

    Read More
    Explore our findings on a common markdown syntax vulnerability and its potential to cause Denial-of-Service (DoS) attacks.
    Legit Threats

    The MarkdownTime Vulnerability: How to Avoid DoS Attack on Business

    January 18, 2023

    Explore our findings on a common markdown syntax vulnerability and its potential to cause Denial-of-Service (DoS) attacks.

    Read More
    See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
    Best Practices Legit Threats

    How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack

    January 04, 2023

    See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.

    Read More
    New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
    Threats SCMs

    Novel Pipeline Vulnerability Discovered; Rust  Found Vulnerable

    December 01, 2022

    New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.

    Read More
    OpenSSL has announced a critical fix in version 3.0.7 to be released Nov 1st. It means that on Tuesday the race will start between those who patch and those who exploit.
    Threats

    Critical and Time Sensitive OpenSSL Vulnerability - The Race Between Attackers and Defenders

    October 31, 2022

    OpenSSL has announced a critical fix in version 3.0.7 to be released Nov 1st. It means that on Tuesday the race will start between those who patch and those who exploit.

    Read More
    On Oct 7th, Toyota announced a possible data leakage incident. The compromised data contained 296,019 customers' private information, including customers' personal email addresses.
    Threats

    Toyota Customer Data Leaked Due To Software Supply Chain Attack

    October 12, 2022

    On Oct 7th, Toyota announced a possible data leakage incident. The compromised data contained 296,019 customers' private information, including customers' personal email addresses.

    Read More
    On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.
    Threats

    Software Supply Chain Attack Leads to Trojanized Comm100 Installer

    October 03, 2022

    On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.

    Read More
    Malicious actors are poisoning your artifacts to compromise your software supply chain. Learn how to protect your software artifacts and secure servers.
    Best Practices Threats

    Software Artifacts Best Practices to Prevent Getting Hacked

    September 19, 2022

    Malicious actors are poisoning your artifacts to compromise your software supply chain. Learn how to protect your software artifacts and secure servers.

    Read More
    A popular vendor of Magento-Wordpress plug-ins/integrations with 200,000 downloads, has been hacked. This attack is a reminder that malicious 3rd party plug-ins for popular platforms, in this case FishPig integrations for Magento e-commerce platforms, can open the door to critical vulnerabilities.
    Threats

    New Software Supply Chain Attack Installs Trojans on Adobe's Magento E-Commerce Platform

    September 15, 2022

    A popular vendor of Magento-Wordpress plug-ins/integrations with 200,000 downloads, has been hacked. This attack is a reminder that malicious 3rd party plug-ins for popular platforms, in this case FishPig integrations for Magento e-commerce platforms, can open the door to critical vulnerabilities.

    Read More
    GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.
    Threats SCMs

    Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

    September 08, 2022

    GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.

    Read More
    Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.
    Legit Threats SCMs

    Google & Apache Found Vulnerable to GitHub Environment Injection

    September 01, 2022

    Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.

    Read More
    LastPass data breach: unauthorized access compromised developer accounts and proprietary source code. Learn about the LastPass security incident details and how to protect your business.
    Best Practices Threats

    How Was LastPass Compromised?? Software Supply Chain Attack Tips

    August 29, 2022

    LastPass data breach: unauthorized access compromised developer accounts and proprietary source code. Learn about the LastPass security incident details and how to protect your business.

    Read More
    Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.
    Threats SCMs

    Breaking News: How a Massive Malware Attack Almost Occurred on GitHub

    August 03, 2022

    Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.

    Read More
    We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
    Best Practices Legit Threats SCMs

    Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks

    May 02, 2022

    We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.

    Read More
    This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.
    Explainers Threats SCMs

    Latest GitHub OAuth Tokens Attack Explained and How to Protect Yourself

    April 18, 2022

    This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.

    Read More
    On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.
    Threats SCMs

    A Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)

    April 06, 2022

    On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.

    Read More
    Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
    Best Practices Legit Threats SCMs

    Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

    April 04, 2022

    Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.

    Read More
    What are secrets in source code, why they must be protected, and how to keep them safe.
    Explainers Threats SCMs

    Detecting Secrets in Your Source Code

    March 11, 2022

    What are secrets in source code, why they must be protected, and how to keep them safe.

    Read More

    Request a Demo

    Request a demo including the option to analyze your own software supply chain.

    Request a Demo