home.social

#developersecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #developersecurity, aggregated by home.social.

  1. ----------------

    🛠️ Tool
    ===================

    Bumblebee is a read-only inventory collector targeting package, extension, and developer-tool metadata on macOS and Linux developer endpoints. It addresses a specific supply-chain response gap: when an advisory names a package or version, which developer machines currently have a matching entry in their on-disk metadata?

    The problem space

    SBOMs tell you what shipped. EDR tells you what ran or touched the network. But supply-chain incidents often require a third view: the messy local state spread across lockfiles, package-manager install metadata, extension manifests, and developer-tool configuration files. Bumblebee turns that scattered on-disk state into structured NDJSON component records and, when given an exposure catalog, flags exact matches for fast triage.

    Technical architecture
    • Single static binary, Go 1.25+, zero non-stdlib dependencies. Straightforward fleet deployment.
    • Three scan profiles (baseline, project, deep) for different populations and cadences.
    • Strictly read-only: no package manager execution (npm ls, pip show, go list), no source-file reads.
    • MCP host configs can carry environment values and credentials in env blocks. Bumblebee parses these for server inventory but does not emit those values in output records.

    Ecosystem coverage
    • npm, pnpm, Yarn, Bun (via lockfiles and node_modules)
    • PyPI (via dist-info/METADATA, egg-info)
    • Go modules (go.sum, go.mod)
    • RubyGems (Gemfile.lock, *.gemspec)
    • Composer (composer.lock, installed.json)
    • MCP JSON host configs (Claude Desktop, Cline, Gemini CLI/Code Assist). Non-JSON configs like Codex config.toml and Continue YAML are not parsed in v0.1.
    • Editor extensions: VS Code, Cursor, Windsurf, VSCodium
    • Browser extensions: Chromium-family, Firefox

    Self-test

    bumblebee selftest runs against embedded fixtures with deliberately fake package names ([email protected]). Useful as a pre-deployment smoke test for fleet rollouts.

    go install github.com/perplexityai/bumblebee/cmd/bumblebee@latest
    bumblebee selftest

    Known limitations
    • Read-only by design: no runtime dependency or process detection
    • bun.lockb presence detected but not parsed (diagnostic only)
    • Non-JSON MCP configs unsupported in v0.1
    • Note: haven't tested personally

    🔹 tool #supplychain #SBOM #inventory #developersecurity

    🔗 Source: github.com/perplexityai/bumble
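The post above describes a pipeline (read lockfile and install metadata, emit one NDJSON record per component, exact-match those records against an exposure catalog) without showing code. The following is an added example written here to illustrate that pipeline; it is not Bumblebee's own code and does not reproduce its record schema. It covers two of the listed ecosystems, npm (package-lock.json, lockfileVersion 2/3 "packages" map) and Go (go.sum), and stays read-only in the same sense the post uses: it only reads file contents it is handed, never runs npm or go. The fixture lockfiles, the exposure catalog and the ADVISORY-PLACEHOLDER-* identifiers are constructed for the example.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Component is one NDJSON inventory record. The field set is an assumption for this
// example, not Bumblebee's schema.
type Component struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
	Version   string `json:"version"`
	Source    string `json:"source"` // file the record was derived from
}

// Exposure is one exposure-catalog entry: an advisory naming an exact package version.
type Exposure struct {
	Ecosystem, Name, Version, Advisory string
}

// Constructed fixtures (not real projects). The nested left-padder mirrors how npm
// deduplication places a second version under a dependency's own node_modules.
const samplePackageLock = `{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/left-padder": {"version": "1.3.0"},
    "node_modules/@acme/widget": {"version": "2.0.1"},
    "node_modules/@acme/widget/node_modules/left-padder": {"version": "1.2.9"}
  }
}`

const sampleGoSum = `github.com/example/lib v1.4.0 h1:AAAA
github.com/example/lib v1.4.0/go.mod h1:BBBB
golang.org/x/text v0.3.0 h1:CCCC
golang.org/x/text v0.3.0/go.mod h1:DDDD
`

// Constructed catalog with placeholder advisory ids. The 1.3.0-beta entry is there to
// show that matching is exact: left-padder 1.3.0 in the fixture must not hit it.
var sampleCatalog = []Exposure{
	{"npm", "left-padder", "1.2.9", "ADVISORY-PLACEHOLDER-1"},
	{"go", "golang.org/x/text", "v0.3.0", "ADVISORY-PLACEHOLDER-2"},
	{"npm", "left-padder", "1.3.0-beta", "ADVISORY-PLACEHOLDER-3"},
}

// parsePackageLock extracts name@version pairs from the lockfile's "packages" map.
// Keys look like "node_modules/foo" or "node_modules/foo/node_modules/bar"; "" is the root.
func parsePackageLock(raw []byte, source string) ([]Component, error) {
	var lock struct {
		Packages map[string]struct {
			Version string `json:"version"`
		} `json:"packages"`
	}
	if err := json.Unmarshal(raw, &lock); err != nil {
		return nil, err
	}
	var out []Component
	for path, p := range lock.Packages {
		idx := strings.LastIndex(path, "node_modules/")
		if path == "" || p.Version == "" || idx < 0 {
			continue
		}
		// The name is whatever follows the last "node_modules/"; scoped names keep "@scope/".
		name := path[idx+len("node_modules/"):]
		out = append(out, Component{"npm", name, p.Version, source})
	}
	return out, nil
}

// parseGoSum reads "module version hash" lines, skipping the "/go.mod" hash lines and
// duplicate module@version pairs.
func parseGoSum(raw, source string) []Component {
	seen := map[string]bool{}
	var out []Component
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || strings.HasSuffix(f[1], "/go.mod") || seen[f[0]+"@"+f[1]] {
			continue
		}
		seen[f[0]+"@"+f[1]] = true
		out = append(out, Component{"go", f[0], f[1], source})
	}
	return out
}

// matchExposures returns one line per component whose (ecosystem, name, version) exactly
// equals a catalog entry. No range or semver comparison: this is the fast-triage path.
func matchExposures(comps []Component, catalog []Exposure) []string {
	index := map[string]string{}
	for _, e := range catalog {
		index[e.Ecosystem+"|"+e.Name+"|"+e.Version] = e.Advisory
	}
	var hits []string
	for _, c := range comps {
		if adv, ok := index[c.Ecosystem+"|"+c.Name+"|"+c.Version]; ok {
			hits = append(hits, fmt.Sprintf("%s %s@%s (%s) -> %s", c.Ecosystem, c.Name, c.Version, c.Source, adv))
		}
	}
	return hits
}

// toNDJSON renders the records as newline-delimited JSON, one object per line.
func toNDJSON(comps []Component) (string, error) {
	var b strings.Builder
	enc := json.NewEncoder(&b)
	for _, c := range comps {
		if err := enc.Encode(c); err != nil {
			return "", err
		}
	}
	return b.String(), nil
}

// scanFixtures runs both parsers over the constructed fixtures and matches the result.
func scanFixtures() ([]Component, []string, error) {
	comps, err := parsePackageLock([]byte(samplePackageLock), "demo/package-lock.json")
	if err != nil {
		return nil, nil, err
	}
	comps = append(comps, parseGoSum(sampleGoSum, "demo/go.sum")...)
	return comps, matchExposures(comps, sampleCatalog), nil
}

func main() {
	comps, hits, err := scanFixtures()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	nd, _ := toNDJSON(comps)
	fmt.Print(nd)
	for _, h := range hits {
		fmt.Println("MATCH", h)
	}
}
```

Running it prints five NDJSON records followed by two MATCH lines: the nested left-padder 1.2.9 and golang.org/x/text v0.3.0. The 1.3.0 copy of left-padder is reported in the inventory but does not match, which is the behaviour you want from an exact-match catalog: the inventory is complete, and the triage list only contains what the advisory actually named. A fleet version of this would read real lockfiles from the developer endpoints and stream the NDJSON to a central store for querying.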

  2. Anil Bhasin from Wiz told TechNadu, “Rather than asking developers to decode generic alerts, the focus should be on delivering clear, contextual findings.”
    He explains how developer-first security empowers innovation through automation, collaboration, and shared ownership. technadu.com/the-security-dile

    #CyberSecurity #DevSecOps #AppSec #Wiz #DeveloperSecurity #TechNadu

  5. The DevOps space is under siege.
    GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
    💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
    🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

    #GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

  10. WhiteCobra threat group targets developers with malicious VSCode extensions, stealing cryptocurrency from wallets. They've already stolen $500K+ and can generate fake credibility with 50K fake downloads in hours. Even experienced security professionals have fallen victim to these sophisticated attacks. #CyberSecurity #DevSecurity #VSCode #Malware #CryptoCurrency #DeveloperSecurity #WhiteCobra devops.com/whitecobra-targets-

  14. DNS attacks are not just legacy threats – they’re evolving.

    In my new article series, I explore modern DNS attack vectors like cache poisoning, tunneling, hijacking & spoofing – and how we as developers can defend at the protocol edge.

    A must-read if you're building Java-based backend systems or securing internal services.

    🔗 svenruppert.com/2025/04/07/dns

    #CyberSecurity #DNS #Java #Infosec #NetworkSecurity #SecureCoding #DNSAttack #DeveloperSecurity #PrivacyByDesign

  19. Ransomware in VSCode extensions raises serious concerns about Microsoft’s marketplace security.

    Two extensions—“ahban.shiba” and “ahban.cychelloworld”—were found on the Visual Studio Code Marketplace containing ransomware that evaded Microsoft’s security checks for months.

    Key takeaways:
    ・⚠️ Malicious code used PowerShell to fetch ransomware from a remote AWS server
    ・💸 Victims were told to pay 1 ShibaCoin—no actual payment instructions were provided
    ・🕒 Extensions stayed live despite being flagged by ExtensionTotal back in November 2024
    ・🧪 Ransomware appeared to be in an early testing phase, only encrypting files in test folders

    This incident highlights ongoing gaps in third-party extension vetting and the urgent need for tighter security controls—even on official marketplaces.

    Full story: cysecurity.news/2025/03/ransom

    #CyberSecurity #VSCode #Microsoft #Malware #DevTools #SecurityAwareness #Ransomware #Infosec #DeveloperSecurity

  22. GitHub detected 39 million exposed secrets in 2024! Learn how their major security upgrade protects your code with AI-powered scanning, free risk assessment, and enhanced push protection. Don't let your API keys become the next compromise.

    #SecurityLand #BusinessShield #CyberSecurity #GitHub #DeveloperSecurity

    Read More: security.land/github-bolsters-

  24. My new blog post addresses my issues with the concept of "shift left security." It's not wrong, it's just misunderstood.

    Shifting left is about empowering developers to better secure their applications, freeing up security teams to scale to better support them. Security teams need to work with development throughout the SDLC to drive efficiency for remediation - helping both teams.

    techtarget.com/searchsecurity/

    #devsecops #cloudsecurity #infosec #developersecurity #cnapp #applicationsecurity #appsec
