
Linux Foundation Rewards StepSecurity’s Impact on CI/CD Pipeline Security Fixes for Critical Open Source Projects

The Linux Foundation’s Secure Open Source (SOS) Rewards recognized StepSecurity’s impact in remediating CI/CD pipelines to comply with security requirements using its SecureWorkflows open source project.

Security attacks targeting software supply chains have dramatically increased over the past several years. According to the Open Source Security Foundation (OpenSSF) Scorecard project, over-privileged automated workflow tokens are a high-risk issue because attackers can use a compromised token with write access to push malicious code into projects. Elevated GitHub tokens can lead to serious security incidents with bad actors installing malicious code in trusted software.

StepSecurity’s impact was recently recognized by the Linux Foundation for “complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure.” Using SecureWorkflows, StepSecurity fixed projects selected from the OpenSSF’s list of critical open source projects, including Python, Gatsby, Ruby on Rails, Babel, etc.

According to Varun Sharma, CEO of StepSecurity, who presented SecureWorkflows at the annual Linux Foundation Open Source Summit in Austin, Texas, “Fixing security problems at scale is hard and there is a huge opportunity to improve the security of software by automated one-click remediation.”

StepSecurity created SecureWorkflows in early 2022 to enable automatic security updates to CI/CD pipelines and significantly reduce the amount of developer time and effort required to apply security settings. Additionally, SecureWorkflows is now integrated with the OpenSSF’s Scorecard project.

About StepSecurity

Founded by security software veterans, StepSecurity’s mission is to empower open-source communities and enterprises to produce software with confidence. The company offers a multipoint end-to-end platform for security software release and distribution pipelines and is partnering with The Open-Source Security Foundation (OSSF) to help open-source project maintainers remediate critical software supply chain security issues.
