https://sven-ruppert.info/categories/devsecops/Recent content in DevSecOps on Sven RuppertHugo -- gohugo.ioensven.ruppert@gmail.com (Sven Ruppert)sven.ruppert@gmail.com (Sven Ruppert)© 2026 Sven RuppertSat, 10 Dec 2022 21:56:43 +0000https://sven-ruppert.info/posts/introduction-to-the-linux-foundations-slsa-project/Sat, 10 Dec 2022 21:56:43 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/introduction-to-the-linux-foundations-slsa-project/<p>Supply Chain Security is a hot topic these days. And more and more, we as developers are dealing with this daily. But what does this mean for us, and how is this influencing our job? I want to give an overview of common attacks against the Software Supply Chain from the developer&rsquo;s view and will introduce the Open Source project SLSA from the Linux Foundation.</p>https://sven-ruppert.info/posts/the-power-of-jfrog-build-info-build-metadata/Fri, 08 Oct 2021 13:42:05 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/the-power-of-jfrog-build-info-build-metadata/<p><strong>Intro</strong></p> <p>This article will take a detailed look at what the term build-info is all about and why it will help us protect against attacks such as the Solarwinds Hack.</p>https://sven-ruppert.info/posts/solarwinds-hack-and-the-executive-order-from-mr-biden-and-now/Tue, 27 Jul 2021 11:10:15 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/solarwinds-hack-and-the-executive-order-from-mr-biden-and-now/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <p>In the past two years, we have had to learn a lot about cybersecurity. The new attack vectors are becoming more and more sophisticated and are directed more and more against the value chain in general. But what does that mean for us? What can be done about it, and what reactions have the state already taken?</p>https://sven-ruppert.info/posts/what-is-the-difference-between-sast-dast-iast-and-rasp/Mon, 19 Jul 2021 15:34:30 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/what-is-the-difference-between-sast-dast-iast-and-rasp/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <p><strong>Intro:</strong></p> <p>In this post, we&rsquo;re going to look at the differences between the various cybersecurity defence techniques. Here you can identify four main groups, which we will go through briefly one after another to illustrate the advantages and disadvantages.</p>https://sven-ruppert.info/posts/the-lifeline-of-a-vulnerability/Fri, 25 Jun 2021 16:17:29 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/the-lifeline-of-a-vulnerability/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <h2 class="relative group">Intro <div id="intro" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#intro" aria-label="Anchor">#</a> </span> </h2> <p>Again and again, we read something in the IT news about security gaps that have been found. The more severe the classification of this loophole, the more attention this information will get in the general press. Most of the time, you don&rsquo;t even hear or read anything about all the security holes found that are not as well known as the SolarWinds Hack, for example. But what is the typical lifeline of such a security gap?</p>https://sven-ruppert.info/posts/cvss-explained-the-basics/Wed, 07 Apr 2021 12:20:21 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/cvss-explained-the-basics/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <h3 class="relative group">Intro <div id="intro" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#intro" aria-label="Anchor">#</a> </span> </h3> <p>What is the Common Vulnerability Scoring System short called CVSS, who is behind it, what are we doing with it and what a CVSS Value means for you? I will explain how a CVSS Score is calculated, what the different elements of it mean and what are the differences between the different CVSS versions.</p>https://sven-ruppert.info/posts/a-challenge-of-the-software-distribution/Sun, 14 Feb 2021 14:03:57 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/a-challenge-of-the-software-distribution/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <h3 class="relative group">The four factors that are working against us <div id="the-four-factors-that-are-working-against-us" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#the-four-factors-that-are-working-against-us" aria-label="Anchor">#</a> </span> </h3> <p>Software development is more and more dependent on Dependencies and the frequency of deployments is increasing. Both trends together are pushing themselves higher. Another element that turns the delivery of software into a network bottleneck is the usage of compounded artefacts. And the last trend that is working against us, is the exploding amount of edges or better-called edge nodes.All four trends together are a challenge for the infrastructure.But what we could do against it?</p>https://sven-ruppert.info/posts/devsecops-be-independent-again/Fri, 12 Feb 2021 18:06:03 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/devsecops-be-independent-again/<p><a href="https://open.spotify.com/show/0rZHMLs9fWq1G0Q2DAQbc3" target="_blank" rel="noreferrer"><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="low" alt="" src="https://sven-ruppert.info/images/spotify-badge.svg" ></figure> </a></p> <p>What do the effects the news of the last few months can have to do with risk management and the presumption of storage, and why is it an elementary component of DevSecOps?</p>https://sven-ruppert.info/posts/the-quick-wins-of-devsecops/Thu, 28 Jan 2021 16:56:45 +0000sven.ruppert@gmail.com (Sven Ruppert)https://sven-ruppert.info/posts/the-quick-wins-of-devsecops/<p>Hello and welcome to my DevSecOps post. Here in Germany, it&rsquo;s winter right now, and the forests are quiet. The snow slows down everything, and it&rsquo;s a beautiful time to move undisturbed through the woods.</p>