DEV Community

Security

Hopefully not just an afterthought!

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Checkov's OIDC Bug: Why CKV_AWS_358 Misses 80% of Misconfigurations
trustfix profile

Checkov's OIDC Bug: Why CKV_AWS_358 Misses 80% of Misconfigurations

#aws #security #terraform #opensource
Comments
3 min read
Passwordless Login Needs Less Than Passkeys
aristech profile

Passwordless Login Needs Less Than Passkeys

#authentication #security #webdev #opensource
Comments
6 min read
npm Publish Without Tokens
jurijtokarski profile

npm Publish Without Tokens

#cicd #github #npm #security
Comments
3 min read
The Compliance Trap: Why 90% of Security Scans are Technically Correct but Strategically Worthless
eldor_zufarov_1966 profile

The Compliance Trap: Why 90% of Security Scans are Technically Correct but Strategically Worthless

#security #devops #python #ai
Comments
7 min read
Why I built attack-chain correlation on top of Semgrep and Joern
hamza_miladin profile

Why I built attack-chain correlation on top of Semgrep and Joern

#security #ai #appsec #opensource
Comments
3 min read
Why AI Agent Authorization Is Still Unsolved in 2026
webpro255 profile

Why AI Agent Authorization Is Still Unsolved in 2026

#agents #ai #cybersecurity #security
Comments
7 min read
Delete the Vercel Claude Code Plugin. Here's Why I Did.
ww-w-ai profile

Delete the Vercel Claude Code Plugin. Here's Why I Did.

#ai #vibecoding #security #privacy
Comments
5 min read
Securing Package Manager Postinstall Scripts: Mitigating Access to Sensitive User Data During Installation
viklogix profile

Securing Package Manager Postinstall Scripts: Mitigating Access to Sensitive User Data During Installation

#security #sandboxing #packagemanagers #postinstallscripts
Comments
8 min read
When Your Security Scanner Becomes the Weapon: Lessons from the Trivy Supply Chain Attack
toniantunovic profile

When Your Security Scanner Becomes the Weapon: Lessons from the Trivy Supply Chain Attack

#security #devops #github #devsecops
1
Comments
2 min read
I Built a Gate That Blocks Vulnerable AI-Generated Code Before It Merges
vorsken profile

I Built a Gate That Blocks Vulnerable AI-Generated Code Before It Merges

#security #github #ai #devops
Comments 3
3 min read
Beyond the Token: Securing Your Localhost with Biometric Passkeys
instatunnel profile

Beyond the Token: Securing Your Localhost with Biometric Passkeys

#cybersecurity #security #tooling #webdev
Comments
9 min read
I Added Minimum GitHub Security Settings to My OSS Repositories and Created a Setup Guide
shibayu36 profile

I Added Minimum GitHub Security Settings to My OSS Repositories and Created a Setup Guide

#security #github #programming
Comments
4 min read
How to Secure AI Agents in Production: What MCP Gets Right (and What It Doesn’t)

The lethal trifecta of agent risk
hadil profile

How to Secure AI Agents in Production: What MCP Gets Right (and What It Doesn’t)

#ai #machinelearning #security #backend
81
Comments 25
8 min read
Every Compliance Framework Requires Key Rotation. No Platform Tells You When.
oceansach profile
Sarwar

Every Compliance Framework Requires Key Rotation. No Platform Tells You When.

#devops #infosec #monitoring #security
Comments
5 min read
I Was a Blockchain Developer for Years. Then I Tried to Add KYC to a Web3 App.
hamzayasin1 profile

I Was a Blockchain Developer for Years. Then I Tried to Add KYC to a Web3 App.

#webdev #beginners #security #blockchain
Comments
4 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.