2019 was a record year for OSS vulnerabilities

Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to the RiskSense report. Top 10 weaponized CWEs The study also revealed that it takes a very long time for O…

Open Source Sucks, Says Ballsy Infosec Firm

Security bugs are exploding in open source software, claims a vulnerability management service.
The post Open Source Sucks, Says Ballsy Infosec Firm appeared first on Security Boulevard.

How to Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin

How to create a Nexus repository manager using HTTP and how to set up a Docker repository to publish Docker images using the jib plugin.
In this exercise, we are going to learn how to publish Docker images to a private Nexus repository with the he…

Nexus Intelligence Insights CVE-2020-2100: Jenkins – UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

In the wake of the serious Jenkins vulnerability impacting at least 12,000 Jenkins servers, we dedicate February’s Nexus Intelligence Insights to helping you solve it.
This vulnerability is clever; it opens up two potential lines of attack. …

12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks

A vulnerability (CVE-2020-2100) in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered. The vulnerability can also be triggered by a single, spoo…

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

In this article we are going to explore how you can publish your Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.
For this I have created a docker compose file which comes with Nexus and Jenkins. Let’s take into considerations…

Application News – Application Security Weekly #69

Yes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey…