Spectral now part of Check Point’s CloudGuard to provide the industry’s most comprehensive security platform from code to cloud Read now

Resource center

Spectral’s resource center provides original content for software
developers and security professionals

Filters

Categories

Topics

See more
Couldn't find any results.
The Hidden Trapdoors -- Exposing Leading Vulnerabilities in NPM
Ebooks

The Hidden Trapdoors — Exposing Leading Vulnerabilities in NPM

Node Package Manager (NPM) vulnerabilities emerge as silent yet very real threats. NPM, while an invaluable tool for developers, should not be treated as a source

How BOK Financial Secures Sensitive Data in The Supply Chain with SpectralOps
Case Studies

How BOK Financial Secures Sensitive Data in The Supply Chain with SpectralOps

The company’s leadership felt confident in their existing security tools and measures taken. They believed the company had adequate defenses in place to protect the company’s IP (intellectual property) and private information against external attacks.

White Papers

Mind the gap: The state of secrets scanning in 2021

This whitepaper will review the dangers of secret leakage, the challenges in protecting secrets in the SDLC, and strategies for secret leakage mitigation.

DevSecOps Cloud Security Solutions Buyer's Guide
Ebooks

DevSecOps Cloud Security Solutions Buyer’s Guide

The cloud has come a long way from Eric Schmidt’s “modern” coining of the phrase in 2006. Today, companies and institutions are reliant upon a cloud

github permissions
Documentation

8 Ways to Maximize Security Permissions for GitHub

See how you can maximize security permissions—and your code—before publishing to GitHub. Review the multi-layered permissions and tools you need to create a plan to lock down your GitHub development pipeline.

vulnerability management tools
Ebooks

The DevOps Guide To Vulnerability Management Tools In 2021

Thousands of vulnerabilities are discovered yearly, and business continuity continues to become hinged on the continual network, process, and software uptime. Organizations need to invest time and effort into understanding where their weaknesses lie to maintain that status quo and continue running smoothly.  

Documentation

The ultimate Azure DevOps security checklist

As many as 99% of security failures in the cloud through 2025 will be the customer’s fault. That’s right, ninety-nine percent. While that may imply cloud vendors are doing a good job keeping up their end of the bargain, it also suggests users of cloud services — DevOps teams included — can greatly mitigate risk by focusing on what they can control. 

Where your code secrets hide: risky filetypes to know
Documentation

Where your code secrets hide: risky filetypes to know

It may be an API key that falls in the wrong hands, a set of credentials, encryption keys, or even a URL that is being protected by obfuscation. Secrets will leak, and the smallest secret can escalate to a full-blown data breach. But where exactly do these secrets in code like to hide?

security best practices for github
Documentation

Security best practices for GitHub

According to a study published in 2019, after a comprehensive scan of public GitHub repositories, a total of 575,456 instances of sensitive data such as API keys, private keys, OAuth IDs, AWS access key ID and various access tokens were discovered on the platform.

White Papers

Protecting secrets throughout the SDLC with SpectralOps

This whitepaper will review the dangers of secret leakage, the challenges in protecting secrets in the SDLC, and strategies for secret leakage mitigation.

Documentation

How to choose a secret scanning solution to protect credentials in your code

One of the easiest methods malicious actors use to infiltrate systems and abuse data is by scanning for secrets that accidentally leak into the public space. Why go through the effort of hacking when someone has left the keys to the kingdom sitting on the doormat?

Case Studies

How Perion protects its code from data leaks

The company’s leadership felt confident in their existing security tools and measures taken. They believed the company had adequate defenses in place to protect the company’s IP (intellectual property) and private information against external attacks.

Stop leaks at the source!