[Webstore-china] Scribe integrity and GitGat tools are online and free to use 😎

Scribe Security info at scribesecurity.com
Mon Aug 1 13:23:23 UTC 2022


Scribe News

Scribe Integrity

Say hello to Scribe Integrity. It is now online and free for you to use. In its first version it checks both file integrity and open-source package integrity for Node.js projects that are built into a container image (for example, one deployed to Kubernetes). It produces a downloadable, high-resolution SBOM together with integrity insights. You add a simple CLI step to your build, and the resulting SBOM is presented in the dashboard.

Using Scribe Integrity you can verify the integrity and provenance both of the proprietary files in your git repository and of the open-source dependencies ingested into the final image. Verifying open-source packages is aligned with the priorities of the OpenSSF (https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8J3l0fcV1-WJV7CgSGqW36WG0R6vl6bKW6N2QMx2kMLc6W98xK2g4syMRzW39RfBC10sN6jW2tLPjm49HV2sW2n-KGY2M77T7W65J9XY1Z8FGGVx7tDf7lM8mlW8gKrKh1CwrbSW98HzlT4VJhCgW3kXFbp8GLdc-W18tkR07MpjnxW4HqLNW8vpSc8W13XXCW2_mJx1W3SzVl98NVpx1W91vYQF8q9SHdMnrjnc5VvZfW3qDZXy948LqVVHL_Vk4Z0wybN5pgy314_xsr3hmq1 ) Alpha Omega project (https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8_3l0fwV1-WJV7CgK-WN32XLpQNpd6yW1fm29249JTHmN6D0Qs6jdXD_V9P3tn5LRQhcW5mC6_L7bp_SfN2qY9K4R2l5RW8z1YQP7K6f90N2406J2fx9TWW3nBZt-75K4qHW8zJLKm3w0Hb1W5F7JTp8tDlHVW20pW223qrbS7W8Kxkn_2-RZcvN8m4qgRwqXB8W3fSwzk6MY3qqW7d5wh393NTqKW5VjytL4HpZn4W5r5x-y4N1ddqVBkyMv3t-P6NW3g3f7x2lLdd2W5jLxzH2C8kN0W7SzQ_V7Z_blq2Bz1 ) , which names npm and Node.js as the first ecosystems to be addressed.

Try it for FREE now
(https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8_3l0fwV1-WJV7CgZKZW1RCDWC7tm3PVN5ywS3KwBlNpN5xxnRVYCYygW27kQLz2_bmVQW6rvNT73bN64JW1Cc2Tt1j7SJtW61bFWr3wmkhqW55p6jp9fFr-tW5-d8C-43GcShW5RZb3P6Jsj_tW1p39qq93fMDJW1D5YC_7cN7n1W3sP_1v7_L-KJW8PHfbx8RS6B2W7bhFzH3F7BFLW5LkWXm2WGLkbW4RjZJZ15Cp5tW37nrz51WWdxgVcvNNd3n7X3CW5jwQH47j30y1W8Xc7vz7H4-Z-W3xzLvl7F7tM53n7J1 )

GitGat

With the goal of providing you with an easy and accessible repo of OPA (Open Policy Agent) policies for evaluating the security posture of your CI/CD tools (starting with GitHub), we are happy to share GitGat (https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8_3l0fwV1-WJV7CgK7DN7-ldryJFVTmW3Dg5M08RvrzJW1z07kK4PpT10W6FcGXj7dRSYSW495qGR3ZTrFQW64g8GQ7VcWZLW1rwglS5M-0KTW7k2-Z_5THsf6W6Nw93k6Z__zWW7KR5Hz8HGbGZW76SrKN7fF-JKW83BMxV1pCj98W8lwFX314hHDYVz8-tV4q6Tb5W6PJb-g8Q8T9lW40nhsn4GFs2LW5Y-97x7LQhXhVKxMsP2ktVfQN1Dl6-F-hwhdW7XDZg64TYplKW1HJV1M4CtPzSW1W6d0791DS493hSq1 ) . You can now assess the security settings of your SCM account and receive a status report of your security gaps together with actionable recommendations.

Since your source-control system is one of the most sensitive links in your software development life cycle, it stands to reason that securing it should be one of your first steps in securing the software development environment.

With GitGat you get insights into the following issues (the tactics in parentheses are MITRE ATT&CK tactic names):

- Access control – prevent initial-access techniques based on credential theft.
- Permissions – prevent attack steps that stem from excessive permissions (execution, defense evasion and credential access).
- Branch Protection – prevent attack steps that exploit unintended and unpermitted repository modifications (execution, persistence, defense evasion and impact).
- File Modification Tracking – prevent or detect attack steps that exploit the file access permissions GitHub grants by default (execution, persistence and defense evasion).
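
As an added illustration (not GitGat's own policy or schema), here is a small Rego policy of the kind such a repo holds: it walks a constructed inventory of repositories and organization members and reports one violation per failed control across the access-control, permissions and branch-protection categories above. The input layout (input.repositories, input.organization.members, input.allowed_admins) and the field names are assumptions loosely modelled on the GitHub REST API branch-protection and collaborator objects; a real collector would populate them from the API, which this example does not do.

```rego
package gitgat_example.scm_posture

import rego.v1

# Assumed inventory shape (an assumption of this example, not GitGat's schema):
# a collector has already fetched, per repository, the default-branch protection
# object and the collaborator list, plus the organization member list, and placed
# them in `input`. Field names loosely follow the GitHub REST API objects.

default compliant := false

compliant if count(violations) == 0

# --- Branch protection: unintended and unpermitted repository modifications ---

violations contains msg if {
	some repo in input.repositories
	not repo.protection
	msg := sprintf("%s: default branch %s has no protection rule", [repo.full_name, repo.default_branch])
}

# Binding p first keeps a repo with no protection rule from also being
# reported for every sub-setting below (undefined p fails the rule body).
violations contains msg if {
	some repo in input.repositories
	p := repo.protection
	not p.enforce_admins.enabled
	msg := sprintf("%s: branch protection is not enforced for administrators", [repo.full_name])
}

violations contains msg if {
	some repo in input.repositories
	p := repo.protection
	p.allow_force_pushes.enabled
	msg := sprintf("%s: force pushes to %s are allowed", [repo.full_name, repo.default_branch])
}

violations contains msg if {
	some repo in input.repositories
	p := repo.protection
	reviews := object.get(p, "required_pull_request_reviews", {})
	object.get(reviews, "required_approving_review_count", 0) < 1
	msg := sprintf("%s: merges to %s do not require an approving review", [repo.full_name, repo.default_branch])
}

# --- Permissions: excessive access -------------------------------------------

violations contains msg if {
	some repo in input.repositories
	some c in repo.collaborators
	c.permission == "admin"
	not c.login in input.allowed_admins
	msg := sprintf("%s: %s holds admin permission but is not a designated owner", [repo.full_name, c.login])
}

# --- Access control: credential-theft exposure -------------------------------

violations contains msg if {
	some m in input.organization.members
	not m.two_factor_enabled # a missing field fails closed, same as false
	msg := sprintf("org member %s has no two-factor authentication enabled", [m.login])
}

# --- Constructed sample inventory and tests (opa test -v scm_posture.rego) ----

sample_input := {
	"allowed_admins": ["alice"],
	"organization": {"members": [
		{"login": "alice", "two_factor_enabled": true},
		{"login": "bob", "two_factor_enabled": false}
	]},
	"repositories": [
		{
			"full_name": "acme/api",
			"default_branch": "main",
			"collaborators": [{"login": "alice", "permission": "admin"}]
		},
		{
			"full_name": "acme/web",
			"default_branch": "main",
			"protection": {
				"enforce_admins": {"enabled": false},
				"allow_force_pushes": {"enabled": true},
				"required_pull_request_reviews": {"required_approving_review_count": 1}
			},
			"collaborators": [
				{"login": "alice", "permission": "admin"},
				{"login": "carol", "permission": "admin"}
			]
		}
	]
}

test_sample_reports_every_gap if {
	v := violations with input as sample_input
	count(v) == 5
	"acme/api: default branch main has no protection rule" in v
	"acme/web: branch protection is not enforced for administrators" in v
	"acme/web: force pushes to main are allowed" in v
	"acme/web: carol holds admin permission but is not a designated owner" in v
	"org member bob has no two-factor authentication enabled" in v
}

test_empty_org_is_compliant if {
	compliant with input as {"repositories": [], "organization": {"members": []}}
}
```

Run `opa test -v scm_posture.rego` (OPA 0.59 or later, for `import rego.v1`) to execute the embedded tests, or `opa eval -i inventory.json -d scm_posture.rego 'data.gitgat_example.scm_posture.violations'` against an inventory file with the same layout. The review-count check reads through `object.get` with a default of 0 so that a protection rule without any pull-request review requirement is reported rather than silently passing.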

Feel free to offer ideas or requests, or help the project grow by adding more OPA policies, policies for more SCMs, or even policies for other CI/CD tools. There are many directions this project can grow into, and we're excited to explore them with you.

Give it a try
(https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8_3l0fwV1-WJV7CgK7DN7-ldryJFVTmW3Dg5M08RvrzJW1z07kK4PpT10W6FcGXj7dRSYSW495qGR3ZTrFQW64g8GQ7VcWZLW1rwglS5M-0KTW7k2-Z_5THsf6W6Nw93k6Z__zWW7KR5Hz8HGbGZW76SrKN7fF-JKW83BMxV1pCj98W8lwFX314hHDYVz8-tV4q6Tb5W6PJb-g8Q8T9lW40nhsn4GFs2LW5Y-97x7LQhXhVKxMsP2ktVfQN1Dl6-F-hwhdW7XDZg64TYplKW1HJV1M4CtPzSW1W6d0791DS493hSq1 )

Evaluating SLSA Automation

At the Open Source Summit North America in Austin, Texas, on June 21st, our CTO, Danny Nebezhal, gave a talk on the lessons learned from automating a SLSA level 3 evaluation in an organization. The talk covered the real-world details and challenges we encountered when evaluating and automating SLSA (Supply-chain Levels for Software Artifacts, originated by Google), and shows how we employed open-source tools in real-world scenarios, starting with SLSA level 1 and working up to level 3.

If you are interested in SLSA, or in replicating such an automated evaluation for your organization, contact us (mailto:info at scribesecurity.com) .

Check out the lecture recording
(https://d2wrlk04.na1.hubspotlinks.com/Ctc/W+113/d2wrlk04/VW0rc78JgP_kN4wZ3GngBVCMV9TLwZ4Nbj7GN3V8l8p5jyM5V3Zsc37CgM19W4ZzTb62bLszdW8nGp5n3w8yHjN3prQ14880rlW72gFg36XBNF2W3H8MzQ7rFLsPW2Zlt2v3spmMSW3wR9w173bc3hN5yKn9hRTV3hW72TLZV1DRQHFVV6jkk1YxPtXW75k1Vp2Yh9WYW5qBfSj7nL0yZW2h-99w5JlbthN8zSWtyHQRMTW4g1XjQ65v_YQW51cJ1B6trCV_W8W7J4539JHmHW34rp5L47g9flW7ZdGbM10PjN8W8hRqjq8yWwv_W5LJBMR1M0YBDW5PNMk_3F69dXW8n9NtK1scX_KW4mwKZh2Zzt5bW95HWgW6BghjxVBn_Kc16rh2XW6b4H6H7yTRCdW81P5Vq1bQrzgVTd3k884MKq5W8LSPvQ7VswpmW92YS316dfvPZW6Hh8sN92WnvNW3qL39F3F2k3SW2XwKFw6tBnCg3j721 )

The Scribe Team

Have questions? Either respond to this email or contact us (mailto:info at scribesecurity.com)

Scribe Security, Carlebach, 1, Tel Aviv 6713205, Israel
