Understanding the Link Between API Exposure and Vulnerability Risks


In a digital+ world, there is no escaping “vulnerabilities.” As software development grows more complex and APIs become more central to new software architectures, vulnerabilities can stem from various sources, whether it’s an issue within open-source components or a mistake made by one of your developers. The critical question we need to address is: what […]

Say Goodbye to Manual AppSec Overhead: Unleashing the Power OX’s Automated No-Code Workflows

Introducing OX no code security automation workflows

Last month, we unveiled our Active ASPM Platform which includes our newest feature, no-code automation workflows. OX has established itself as a frontrunner in automating the discovery, analysis, and prioritization of security risks throughout the entire software supply chain, earning recognition as a Gartner Cool Vendor in platform engineering for scaling application security practices. With […]

Betting on a New Approach with Active ASPM

888 case study blog featured image (1)

Streamlining Application Security at 888 Holdings with OX Security In betting and gaming, application security (AppSec) is critical in protecting the integrity and reliability of digital services. 888 Holdings, a global frontrunner in the industry, recognized the need for a proactive AppSec program to safeguard its operations across 15 countries and its workforce of over […]

Key Considerations for Selecting an SBOM Tool

sbom key considerations blog image (1)

With security integrated into development, selecting the right Software Bill of Materials (SBOM) generation tool for your organization is crucial not only for compliance but also as a fundamental component of cybersecurity and operational integrity. With the increasing integration of open-source and third-party components in applications, the transparency and security that an effective SBOM tool […]

SBOM: The Ingredients Label for Cybersecurity

SBOM Blog LinkedIn Graphic

Until the 60s, most Americans prepared most of their meals at home. The appetite for pre-packaged food rose in that decade, and the shift in consumer demand resulted in public demand for more detailed product information for nutritional and food safety reasons. This resulted in the USDA mandating that a list of ingredients be placed […]

Streamlining DevOps: How to Integrate OX with GitLab for Enhanced Security


We’re thrilled to announce that The OX Active ASPM platform is now fully integrated with GitLab. With this integration, users no longer have to choose between rapid deployment or security in their software development. GitLab’s comprehensive web-based platform, known for its source control, issue tracking, and CI/CD capabilities, now enhances its offering with OX’s automated […]

Securing the Cloud-Native Landscape: Embracing Active ASPM for Compliance

Untitled design (3)

In an era where digital transformation is ubiquitous and cloud-native applications drive more and more enterprise workloads, organizations must navigate a landscape fraught with threats targeting these applications, specifically targeting the data they process and contain. The growing complexity of applications and the expanding attack surface necessitates that development and security teams adopt a comprehensive […]

Agility Meets Security: Kaltura’s Journey to Streamlined Development with OX Security

kaltura blog graphic

Discover how Kaltura strengthened its software supply chain and transformed its approach to application security with OX’s Active ASPM. Pioneering video technology, Kaltura needed to strengthen its software supply chain and redefine its strategy for application security. Confronting obstacles in achieving agile innovation by balancing the speed and security of software releases, Kaltura needed a […]

Three ways to manage cybersecurity tool sprawl in your software supply chain

tool sprawl blog image

Sprawl happens Software development organizations evolve. Teams grow. The number of projects increases. Tech stacks change. Technology and management decisions have become more decentralized. Throughout this evolution, the organization’s AppSec tool portfolio also grows. In dynamic organizations, this can lead to “tool sprawl.” A sprawling AppSec tool portfolio includes many point solutions, acquired by different […]

Protect Your Software Supply Chain with OX Security’s Latest Integration with Bitbucket Cloud


Discover the power of OX Security through our native integration with Atlassian Bitbucket CloudApp, designed to seamlessly integrate vulnerability scans into your software projects. Our scans go beyond the surface, delving into secrets, SAST issues, SCA, Open Source dependency concerns, IaC issues, and more. How It Works Configurable to meet your specific needs, scans can […]

Elevating Software Supply Chain Security with OSC&R

oscar blog featured image

Five ways the OSC&R framework helps CISOs and AppSec leaders verify their software supply chain security   Software supply chains are lucrative attack targets Software supply chains are very lucrative cybersecurity attack targets. As SolarWinds, CircleCI, and Progress Software attacks have shown, breaching one system–a commercial SaaS application–provides attackers access to the many customers of […]

Automating your way out of an AppSec staffing shortage

automating your way out of an appesc staffing shortage

If you’re like most companies, you might be struggling to hire and retain skilled application security staff. According to a 2023 study by the Information Systems Security Association (ISSA), 71% of companies feel they are negatively impacted by a shortage of skilled cybersecurity professionals. The study also showed that over half the respondents felt that […]

DevSecOps Dashboard – Build vs. Buy?

build or buy graphic

3 things to consider before you develop a custom risk dashboard for your software supply chain TL;DR – BUY Seriously though. If you’re contemplating a build vs. buy decision, buying gets you a working DevSecOps dashboard sooner and usually at lower cost than building something in house. And whether you build or buy a dashboard […]