Category: Security

  • Static Analysis of Docker image vulnerabilities with Clair

    In a previous article, we described how to build a Docker Registry. Today we look at Clair – a tool that does static analysis of vulnerabilities in a Docker image.

    What is Clair?

    Clair is a popular open source vulnerability scanning solution for Docker images made by CoreOS. Clair is also integrated with quay.io public…

    Petr Kohut
  • Putting security into DevOps Practices

    DevOps: 7 Reasons to Automate Security in your Pipelines

    The DevSecOps Evolution: Incorporating Security into DevOps Practices

    According to IDC estimates, the worldwide DevOps software market achieved a level of $2.9 billion in 2017 and is forecast to reach $6.6 billion in 2022. Driven by the need for faster innovation, a shift towards microservices architectures, and the evolution of automation and collaboration tooling, the…

    David Gonzalez | 1st October 2018
  • Zed Attack Proxy in a CI Pipeline?

    Adding Automated Penetration Testing to Continuous Integration Pipelines

    Testing, particularly around security, is a core part of the ethos of all nearForm development teams. In many organisations, penetration testing can often happen just before a product first pushes to production, and periodically thereafter. Penetration testing is performed by external teams and is focused on finding…

  • Comparing NPM Audit with SNYK

    At nearForm, we specialize in building practical software solutions for our clients. A part of designing and building a modern solution is making it secure. In today’s world, where almost everything is connected and operated by computers, adding security on top, as an afterthought, no longer works. As software architects and engineers, we also focus on…

    Igor Shmukler
  • Dynamic Intrusion Detection for Authorisation Systems like Udaru

    Developing an automated intrusion detection system for Udaru using statistical modelling.

    Andreas Madsen
  • How NearForm approaches SQL Injection Prevention

    What are SQL injections, and how does nearForm fight them?

    Ivan Jovanovic
  • Making Promises safer in Node.js

    Promises can be a powerful choice for a Node.js project, but there are some pitfalls to be aware of.

    Matteo Collina