10 posts tagged with "secureCodeBox"

Cover photo by Mike Lewis HeadSmart Media on Unsplash.

In the previous blogpost we described how to use scans to find infrastructure affected by Log4Shell, but wouldn't it be way more convenient to already have this information available? SBOMs promise to offer that convenience of only having to look up, where an affected dependency is used, and immediately being able to mitigate it. This blog post details our plans to integrate an SBOM creation workflow into the secureCodeBox and our troubles with using different tools for it.

Cover photo by Ray Shrewsberry on Unsplash.

By now, you must have heard about Log4Shell, the present that ruined Christmas for many developers and IT specialists, whether naughty or nice. This blog describes how we used the secureCodeBox as one building block in our incident response process at iteratec.

Cover photo by Agence Olloweb on Unsplash.

With secureCodeBox 3.3, we have added several features that allow you to use secureCodeBox for static application security testing (SAST). This blog post gives an introduction to how several new features of secureCodeBox 3.3 can be used to quickly run targeted SAST scans of your entire codebase. By the end of this post, you will know how to build a SAST workflow to detect which of your repositories include a malicious dependency. We will cover all steps of the process: obtaining a list of all software repositories in your organization, cloning and scanning them, and even dropping all of the results into a DefectDojo instance for later inspection.

Cover photo by Kelly Sikkema on Unsplash.

Learn how our core development team works and about how to collaborate with us!

Cover photo by Tadas Sar on Unsplash.

Get some insights into the fascinating and exhausting world of integrating Windows™ scanners into the secureCodeBox.

Cover photo by Alex Wong on Unsplash.

In a previous post I described the rationale behind our decision to abandon the secureCodeBox v1 and redesign the whole architecture. In this post I'll go into the details of this redesigned architecture.

Cover photo by Evan Dennis on Unsplash.

In this article I will give you a deeper insight why we decided to make a major breaking rewrite of the secureCodeBox. First I'll give you an overview of the v1 architecture and the rationale behind. Also outline the problems we stumbled upon using secureCodeBox v1 for some years now. Afterwards I introduce you to the new secureCodeBox v2 architecture and the rationale behind.

Photo by Levi XU on Unsplash.

As documented we only support the latest four releases of Kubernetes. This means we removed support for Kubernetes 1.16 with the secureCodeBox release 2.3.0.

If you rely on that particular version of Kubernetes, we may help you with custom paid support. Please contact us via email or open an GitHub issue.

(Photo by Elisha Terada on Unsplash)

We are very happy and proud to announce the release version 2.0.0 of secureCodeBox. It is a better, faster and greater secureCodeBox since ever 😀

Photo by Javier Allegue Barros on Unsplash.

Maybe you're wondering what's going on with my beloved secureCodeBox. If you look at the GitHub insights for the main repo, you'll see: Not that much is going on:

So is secureCodeProject dead? Of course not! But we gained a lot of experiences using secureCodeBox and went through some changes in the last couple of months. In this blog post, I'll give you a brief outline of all these changes and what we aim to do in the near future.