Enhance your CI/CD pipeline security with shift left practices! This guide covers 7 best practices for 2026, including secrets management & vulnerability scanning. Reduce risks by 80%! #ShiftLeftSecurity #CICD #DevSecOps #SecureCoding https://estoreab.com/shift-left-security-ci-cd-pipelines-guide

Source: https://github.com/eshlox/dvm

macOS only. Small, inspectable, no daemon, no plugin runtime. Feedback and pull requests welcome.

#SupplyChainSecurity #npm #InfoSec #DevSecOps #macOS #Linux #Lima #Bash #Sandbox #AISecurity

Mashed Potatoes: Perfect Contest
Journey through the labyrinth and score perfect for a chance to win a cool popcorn bucket.

#CyberSecurity #PowerShell #CFML #AI #Networking #SQL #Cloud #GRC #Gaming #Technology #Python #ZeroTrust #DevSecOps #FinOps #Programming

Game Link: https://blackcatwhitehatsecurity.com/theGame17.cfm

Say hello to Hummingbird for Podman Desktop!

Your local images might have lighter, more secure alternatives waiting to be discovered 👀

With Hummingbird Extension you can:
🛡️ Find hardened image alternatives
🔍 Compare CVEs with Grype integration
📦 Explore a catalog of secure images
⚡ Pull them directly into your workflow

https://github.com/redhat-developer/podman-desktop-hummingbird-ext#hummingbird-extension-for-podman-desktop

Less guessing. More secure containers.
#PodmanDesktop #Containers #DevSecOps

Learn how to build an AI-powered CI/CD security pipeline using Trivy, Semgrep, Gitleaks, GPT-4o, and Slack alerts. https://hackernoon.com/building-a-production-grade-cicd-pipeline-part-2-adding-ai-powered-security-scanning #devsecops

Securing Docker containers in 2026? Here are 7 DevOps best practices you can't ignore! From CI/CD pipelines to runtime defense, this guide has it all. #ContainerSecurity #DevSecOps #Docker #TechTips https://estoreab.com/comprehensive-guide-container-security-best-practices

Great to see the new Companion Edition released by the OWASP Cornucopia project. A year in the making, project leader Johan Sydseter has organised a whole group of volunteers to build out a new deck of playing cards for the application security threat modelling card game.

The new deck with six new suits also celebrates the 25th anniversary of the Open Worldwide Application Security Project (OWASP).

https://cornucopia.owasp.org/news/20260508-companion-edition

@owasp @sydseter #appsec #devops #devsecops #threatmodelling #owasp

Security Tip: Avoid using "latest" or broad version ranges for your software dependencies. 🛡️

Pinning specific versions in your lockfiles (like package-lock.json or Gemfile.lock) ensures builds are reproducible and protects you from malicious updates pushed to a generic tag. Combine pinning with regular automated scanning to manage your risk effectively.

Research known vulnerabilities at: https://cvedatabase.com

#InfoSec #CyberSecurity #CVE #AppSec #DevSecOps

Critical flaw in Cline’s Kanban server exposed AI coding agents to Cross-Origin WebSocket Hijacking attacks.

Researchers say malicious websites could steal workspace data and inject commands into agents silently. Patch released in v0.1.66.

AI agent security is quickly becoming a major attack surface.

Source: https://www.oasis.security/blog/cline-kanban-websocket-hijack

Follow @technadu for more updates.
#CyberSecurity #AI #InfoSec #DevSecOps

"Bring Your Own SBOM" sounds simple...

Until you try to manage thousands of them 📊

Scale is everything 📈

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps