Hopper Security

Django developers have been flying blind on security for too long. Most tools don’t understand how Django apps actually work. They flood teams with noise, miss real issues, and slow everyone down. That ends now. We’ve released the first accurate vulnerability analysis built for #Django. It handles class-based views, custom handlers, dynamic routing, and more. Real reachability. Zero guesswork. Insights you can act on. This is a major leap forward for anyone building in Django. Huge credit to Michael Peleg and his team for leading the charge, and to the Hopper Security team for delivering what the ecosystem has been missing. Read the full post: https://xmrrwallet.com/cmx.plnkd.in/dUHXvHXN #Django #AppSec #SoftwareSecurity #OSS #Python #ProdSec #ApplicationSecurity #SCA

We're excited to announce full support for Django in Hopper’s function-level reachability engine. Django is powerful but highly dynamic, which makes it difficult for traditional tools to analyze accurately. Hopper now provides the first truly accurate vulnerability analysis for Django applications, understanding routing logic, context injection, runtime execution, and more. We trace real execution paths to prioritize only the risks that matter. Django support is live for all users. No CI/CD changes required. 📖 Read more in the blog by R&D Lead Michael Peleg: https://xmrrwallet.com/cmx.plnkd.in/e-Wqp7sw #AppSec #Python #Django #VulnerabilityManagement #DevSecOps #CyberSecurity #FunctionLevelReachability #HopperSecurity

Patches don’t equal protection. Just because a library is patched doesn’t mean it’s no longer a risk. Many organizations continue to pull in outdated versions of internal libraries through artifact stores, even after patching the latest version. Legacy SCA tools scan the repository and say you're safe. Meanwhile, older versions quietly make their way into production and bring known vulnerabilities with them. In our latest blog, we break down this blind spot and show how Hopper traces real usage, maps vulnerable call paths, and surfaces the risks traditional tools miss. See how Hopper closes the loop on internal library risk: 🔗 https://xmrrwallet.com/cmx.plnkd.in/euii3Bjs #ApplicationSecurity #SoftwareSecurity #DevSecOps #SCA #AppSec #HopperSecurity

Today is the day! Join us in NYC from 4–8 PM for Security Under the Sun 🌇🍸🚕🗽 Come hang out with DoControl, Armis, Hopper Security, Amazon Web Services (AWS), Entro Security, Cyvore, & Trustifi @ Jay Suites Grand Central, 369 Lexington Ave, 3rd Floor – it's going to be a blast! 🔗 Sign up here to meet with NYC’s best in sec → https://xmrrwallet.com/cmx.plnkd.in/dpqNAVxs See you all tonight!

What if your biggest security blind spot is... your own code? We just released a quick demo showing how Hopper Security gives security teams full visibility into risks introduced by internally developed libraries. These are libraries your own teams build and store in Artifactory, Nexus, or Azure Artifacts. They're trusted by default, widely reused, and almost always overlooked. But here’s the problem: many of our customers have uncovered function-level reachable vulnerabilities from these libraries. We’re talking CISA KEV entries, EPSS scores over 90%, and full call paths all the way to the vulnerable function. The kicker? Their repositories were clean. Patched. Up to date. The exposure persisted because applications were still pulling older versions of those internal libraries from artifact stores. And there was no visibility into where or how that was happening. In the demo, we show how Hopper: - Traces vulnerable call paths all the way to the internal library that introduced them - Combines reachability and EPSS to highlight the highest-risk cases - Shows which internal packages are proliferating risk the fastest across your codebase In some environments, over *50%* of open source risk comes from internally developed libraries. This isn’t just a visibility problem. It’s a real attack surface you can’t afford to ignore. #AppSec #ProdSec #OSS #SoftwareSupplyChain #DevSecOps #ApplicationSecurity #ProductSecurity #Reachability

AI sprint cycles get shorter every quarter, yet two security gaps widen: exploitable open-source code and unmanaged non-human identities (NHI). Those gaps framed “Precision Security for the AI Era,” a Boston dinner hosted by Hopper Security and Entro Security. Open-source risk needs precision, not volume Industry field studies show that over four out of five OSS alerts are false positives, burying teams in noise. Hopper’s function-level reachability traces real execution paths to vulnerable functions and cuts false-positive alerts by 93 percent, onboarding in minutes with read-only Git access (Hopper Security, 2025). Gartner’s Guidance Framework for Vulnerability Management recommends risk-based prioritisation over raw CVE counts; the model Hopper delivers (Gartner, 2025b). Secrets and service accounts are now non-human identities Gartner predicts that in 2025, NHIs will outnumber human accounts 4 to 1 in most enterprises and require continuous discovery and governance (Gartner, 2025a). Entro inventories every API key, token, and service account at creation, enriches each with business context, and monitors behaviour through rotation or revocation (Entro Security, 2025). Gartner also named Entro a Cool Vendor in Identity-First Security for its near-real-time NHI governance (Gartner, 2023). Why this matters Compressed sprints leave no buffer for multi-week incident response. Pairing function-level OSS analysis with lifecycle NHI governance lets security teams focus on the vulnerabilities and credentials attackers can reach. Early adopters report recovering 8 percent of developer capacity once lost to non-exploitable alerts (Hopper Security, 2025); roughly one extra engineer per 12-person team. Next steps for the community • Share your metrics on false-positive reduction and NHI growth so we can benchmark progress. • Add questions or lessons learned in the comments to keep the dialogue moving. Thank you to Hopper Security, Entro Security and all attendees for a data-driven conversation on precision security. References appear in the first comment. #AIsecurity #OpenSourceSecurity #NonHumanIdentities #DevSecOps #CyberRisk

We’re teaming up with Entro Security for an exclusive dinner in Boston this Wednesday, bringing together security leaders for an evening of food, drinks, and open conversation. The focus: how teams are tackling real-world risks in the age of AI, from managing non-human identities and secrets to cutting through noise in open source and AppSec. No sales decks. Just smart people, great food, and Beacon Hill views. Want to join us? Request your spot here: https://xmrrwallet.com/cmx.plu.ma/hznee2vd #AppSec #AI #SecretsManagement #CybersecurityLeadership #BostonEvents #HopperSecurity #EntroSecurity

NYC friends, let’s make July 16 one for the defenders. Hopper Security is teaming up with DoControl, Armis, AWS, Trustifi , Entro Security, and Cyvore to bring the security community together for an evening of food, drinks, skyline views, and real conversation. No panels. No pitches. Just security leaders, practitioners, and builders connecting over what actually matters. If you’re in AppSec, product security, or just neck-deep in vuln triage, we’d love to see you there. 🗓 Wednesday, July 16 📍 Jay Suites Grand Central, 369 Lexington Ave, 3rd Floor 🎟 Free to attend, RSVP here: https://xmrrwallet.com/cmx.plnkd.in/d-6Y4qQF

CALLING ALL OUR NYC SECURITY PROS! ☎️👀 Time is running out! Don’t miss the NYC networking event of the summer: 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐔𝐧𝐝𝐞𝐫 𝐭𝐡𝐞 𝐒𝐮𝐧 🌆🍸 Together with our sponsors, Armis, Hopper Security, Amazon Web Services (AWS), Entro Security, Cyvore, & Trustifi we’re bringing the NYC security community together for a much needed in-person event. Join us on July 16th for an unforgettable evening of free food & drinks, stunning skyline views, and some serious swag! 📅 Wednesday, July 16th 📍 Jay Suites Grand Central – 369 Lexington Ave, 3rd Floor 🔗 HURRY! Only a few spots left → https://xmrrwallet.com/cmx.plnkd.in/dpqNAVxs Finally, NYC’s best in sec will all be under the same roof(top)! See you there! #Cybersecurity #NYCEvents #Networking #InfoSec #SecurityCommunity 

✨ Today we launched Grace, Hopper Security’s new MCP server that turns your open-source security data into live, automated workflows. ✨ Developers are tired of security tools that generate noise but can’t take action. Grace connects AI agents directly to your Hopper data, turning insights into automated workflows using natural language. It plugs into MCP-compatible tools like Claude, Cursor, and Cline, so you can ask questions like: “Fix all reachable critical vulns in <YourRepoName>” And Grace will: ▪️ Analyze reachability ▪️ Build a fix plan ▪️ Prepare a pull request Behind the scenes: ▪️ Hopper exposes security APIs as tools via MCP ▪️ Agents discover and invoke them automatically ▪️ MCP chains requests across services to enable full workflows This is real automation, grounded in your actual app state. No guesswork. No boilerplate. Just security that works like code. Learn more in Noy Duany blog: https://xmrrwallet.com/cmx.plnkd.in/dhhiZUvE #Engineering #AppSec #MCP #ReachabilityAnalysis #DevTools #OSS #GraceByHopper