The Dark Shadow of AI Coding: The New Security Crisis Brought On by Vibe Coding

The reality: AI coding tools now generate more than 60% of an organization's code, yet only 18% have a policy in place. An analysis, centered on WIRED's reporting, of why vibe coding is riskier than open source and what security measures are needed.

https://aisparkup.com/posts/5392

How To Set Up SAST Scanning Using Checkmarx One, GitHub Actions and GitHub Advanced Security

Checkmarx One is a cloud-native security platform that offers a variety of testing capabilities to help organizations find and fix vulnerabilities throughout the software development lifecycle. It…

DevOps By Nature

ZAP has joined forces with Checkmarx

This is a huge investment (and vote of confidence) in ZAP and will secure the project’s future success!

https://www.zaproxy.org/blog/2024-09-24-zap-has-joined-forces-with-checkmarx/

#zaproxy #checkmarx #appsec


Implementing DevSecOps in the Development Process. Part 5. The Deploy-time Checks Stage, a Tool Overview

Hi! This is Oleg Kazakov from Spectr. In the previous part I talked about testing functionality for vulnerabilities before it reaches production. Following the previous articles, we can check code for security, produce secure builds, and check functionality for vulnerabilities. Now nothing stops us from deploying this application to production. Today I will talk about the final stage of DevSecOps: Deploy-time Checks. Learn more about DevSecOps

https://habr.com/ru/companies/spectr/articles/837018/

#devsecops #sast #iac #Kubesec #checkmarx

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

Developer Tech News

Interesting attack vector: taking over the namespace for abandoned #S3 buckets for older versions of #FOSS artifacts.

However, a huge kudos goes out to the #Checkmarx team for going above and beyond!

"To prevent this attack from occurring elsewhere, we took over all the deserted buckets inside open-source packages we found in our search. Now when someone tries to reach the files hosted in these buckets, they will receive a disclaimer file we planted inside those buckets."

https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers

Hijacking S3 Buckets: New Attack Technique

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

Checkmarx.com
Android mobile app supply chain attack
- https://www.phonearena.com/news/play-store-apps-contained-malware_id146923
I remember deleting the CU app not long ago after the Google Play Store warned me to remove it immediately; I guess the problem of Korean developers grabbing any source they find and using it is still serious.
Is it even worse in our country because of the subcontracting culture? The prime contractors are the ones with the funds to buy an inspection solution that would block supply chain attacks.
#Checkmarx has been spreading by word of mouth, but I'm not sure how big a market will form.
If you installed any of these apps from the Play Store, they contained malware and should be deleted

Over 60 apps found in the Google Play Store contained a new breed of malware that can steal personal data and commit ad fraud.

PhoneArena

#YABS

Yet Another Black Shirt
#Checkmarx

GitHub: Renamed accounts put thousands of projects at risk

That GitHub needed several attempts to find a solution against RepoJacking attacks does not exactly inspire confidence. A residual risk remains.

Tarnkappe.info
Cloud is King: 9 Software Security Trends to Watch in 2021 - Researchers predict software security will continue to struggle to keep up with cloud and IoT in t... https://threatpost.com/cloud-king-software-security-trends-2021/162442/ #2021securitypredictions #cloud-nativesecurity #codeasinfrastructure #applicationsecurity #softwaresecurity #vulnerabilities #cloudsecurity #iotsecurity #developers #checkmarx #patching #iot #api
Cloud is King: 9 Software Security Trends to Watch in 2021

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.

Threatpost - English - Global - threatpost.com