Stop translating NIST 800-53 controls into manual checks. 🛑
For teams deploying containers in Federal environments, compliance often feels like a bottleneck. It doesn't have to be.
Anchore Enterprise's FedRAMP Policy Packs automate the validation of your container images against NIST 800-53 Rev 5 and NIST 800-190 controls before they ever hit production.
Pass/fail signals integrated directly into your CI/... https://docs.anchore.com/current/docs/compliance_management/policy_packs/fedramp/

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

Built on 30M+ download open source tools (Syft & Grype) 🔧

Community-proven, enterprise-hardened 💪

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Every CI/CD pipeline I've audited had at least one hardcoded secret. Developer adds a credential "temporarily," it persists in git history forever. Internal repos give false security; one compromised workstation exposes every secret in source control.

Pipeline credentials are privileged credentials outside PAM governance. Vault them. Rotate them. Monitor them.

#DevSecOps #SecretsManagement #PAM

161 images, 9000 vulns, 263 criticals. That's the container layer alone. Nobody checks what these servers actually do once they're installed. No provenance, no signing, no authenticated discovery. The agents.txt IETF draft expires April 10 and I don't see anyone pushing to renew it. Security is broken at every layer here and we keep adding more layers.

#MCP #DevSecOps #AIAgents

How we at CodeScoring prepared a model for finding secrets

We'll describe how we managed to raise the quality of identifying true secrets in code scan results from 0.70 to 0.90 PR AUC with the help of an LLM.

https://habr.com/ru/companies/codescoring/articles/1019956/

#secrets #security #ml #ai #codescoring #llm #безопасность #безопасность_приложений #секреты #devsecops

TL;DR: Thanks to the new model, we improved the quality of recognizing true secrets from 0.70 to 0.90 PR AUC. At CodeScoring we keep up with trends and are actively adopting machine learning in...

Habr

"Bring Your Own SBOM" sounds simple...

Until you try to manage thousands of them 📊

Scale is everything 📈

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

📌 An in-depth technical analysis is now live.

"Navigating the Shifting Sands of Cybersecurity and DevOps: Recent Updates & Emerging Threats"

🔗 Access the repository/documentation: https://www.dragonflistudios.com/anatomi-kanibalisme-visual-mengapa-standar-desain-2026-adalah-kebohongan-kolektif/

#cybersecurity #devops #devsecops

False positives killing your team's productivity? 😵‍💫

Anchore Secure gives you signal, not noise 📡

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps