Easily Manage Security Group Rules with the New Security Group Rule ID

At AWS, we tirelessly innovate to allow you to focus on your business, not its underlying IT infrastructure. Sometimes we launch a new service or a major capability. Sometimes we focus on details that make your professional life easier. Today, I’m happy to announce one of these small details that makes a difference: VPC security […]

Amazon CodeGuru Reviewer Updates: New Java Detectors and CI/CD Integration with GitHub Actions

Amazon CodeGuru allows you to automate code reviews and improve code quality, and thanks to the new pricing model announced in April you can get started with a lower and fixed monthly rate based on the size of your repository (up to 90% less expensive). CodeGuru Reviewer helps you detect potential defects and bugs that […]

Four students and their master project in Jenkins security

Context: Jenkins is a CI/CD solution and, as such, it is critical that the open source plugins that constitute an integral part of it don’t expose the systems they are used on to any security risks and vulnerabilities. It is in that context that we worked as an audit/code review team to track and report […]

New – Multi-Factor Authentication with WebAuthn for AWS SSO

Starting today, you can add WebAuthn as a new multi-factor authentication (MFA) method to AWS Single Sign-On, in addition to the currently supported one-time password (OTP) and RADIUS authenticators. By adding support for WebAuthn, a W3C specification developed in coordination with the FIDO Alliance, you can now authenticate with a wide variety of interoperable authenticators provisioned by your […]

First results from using GitHub CodeQL to discover security vulnerabilities in Jenkins plugins

A little over a month ago, GitHub announced the general availability of its code scanning solution. It’s based on CodeQL, which makes it pretty easy to write queries for it and run them using the CodeQL GitHub action, CodeQL command line tools, or on lgtm.com. Many of the security vulnerabilities discovered in Jenkins plugins are […]

New – Using Amazon GuardDuty to Protect Your S3 Buckets

As we anticipated in this post, the anomaly and threat detection for Amazon Simple Storage Service (S3) activities that was previously available in Amazon Macie has now been enhanced and reduced in cost by over 80% as part of Amazon GuardDuty. This expands GuardDuty threat detection coverage beyond workloads and AWS accounts to also help you protect your […]

Severity of cross-site scripting vulnerabilities

Eagle-eyed readers of today’s security advisory may already have noticed that we consider the cross-site scripting (XSS) vulnerabilities to be ‘High’ severity. This is a change from previous security advisories, in which similar vulnerabilities got a ‘Medium’ score. We follow the guidelines of CVSS version 3.0 for the severity we assign to these issues. Their […]

Amazon Detective – Rapid Security Investigation and Analysis

Almost five years ago, I blogged about a solution that automatically analyzes AWS CloudTrail data to generate alerts upon sensitive API usage. It was a simple and basic solution for security analysis and automation. But demanding AWS customers have multiple AWS accounts, collect data from multiple sources, and simple searches based on regular expressions are […]

Introducing the Azure Key Vault Credentials Provider for Jenkins

Azure Key Vault is a product for securely managing keys, secrets and certificates. I’m happy to announce two new features in the Azure Key Vault plugin: a credentials provider that tightly links Jenkins and Azure Key Vault. Huge thanks to Jie Shen for contributing the integration with the configuration-as-code plugin. These changes were released in […]

Generic Webhook Trigger Plugin

This post will describe some common problems I’ve had with Jenkins and how I solved them by developing Generic Webhook Trigger Plugin. The Problem: I was […]