Two federal agencies, the National Security Agency and Infrastructure Security Agency, issued a joint memo with recommendations for improving security in application development software supply chains. It highlights the risks associated with CI/CD pipelines and emphasizes the need to stop unauthorized access, data breaches, and malware injection into source code projects. According to Veracode's State of Software Security 2023, almost three-fourths of the 130,000 applications it scanned had at least one security flaw.
|
