DevSecOps
npm v12 Is Coming in July — Here’s What Developers Need to Do Now
For years, running npm install meant trusting that whatever code got pulled in would behave itself. That trust was often misplaced. Starting in July 2026, npm v12 changes the rules. Install scripts ...
IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to ‘Next Level’
Open source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with ...
Harness Acquires Codecov to Identify Untested Code
Harness this week acquired Codecov, a provider of a platform that analyzes the percentage of a codebase that has been tested, from Sentry. Brad Rydzewski, a senior vice president and general manager ...
Regression Testing Tools in the Age of AI-Assisted Development: What Has Changed
For most of the past decade, the conversation around regression testing tools was fairly stable. The tools got faster, the integrations got smoother, and the underlying approach stayed largely the same: write ...
Can Chainguard Save Open-Source Software From Mythos? Can Anyone?
IBM and Red Hat aren't the only ones that mean to lock down open-source code against AI hacking tools. Last week, IBM and Red Hat launched Project Lightwell to protect open-source projects ...
OWASP Adopts CVE Lite CLI to Boost Dependency Scanning
Checking for dependency vulnerabilities in freshly developed software is usually done near the end of the build process. Remediation at that point can be tricky. Now, JavaScript and TypeScript developers can check ...
AI Agents in CI/CD Pipelines: Speed vs Control in Modern DevOps
The moment you push your code, deployment fires off on its own. The pipeline kicks in, the tests sail through, and within a few minutes your app is live in production. There ...
OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness
The EU's Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how they must obey its strictures. MINNEAPOLIS — At Open Source Summit North America, Christopher ...
AWS Security Agent Brings Full Repository Code Scanning to Preview
Security teams have long relied on static analysis tools to catch vulnerabilities before code ships. Those tools are useful, but they have a fundamental limitation: they match code against known patterns. They ...
Hacktron Plans to Build AI Platform to Test Code for Vulnerabilities
Hacktron revealed today it is developing a platform that leverages artificial intelligence (AI) to continuously test code for vulnerabilities. Fresh off raising $2.9 million in seed capital, Hacktron founder Zayne Zhang said ...
OpenAI’s Daybreak Challenges Anthropic in AI Cybersecurity Race
OpenAI has moved deeper into enterprise cybersecurity with the launch of Daybreak, a platform that identifies software vulnerabilities, validates fixes, and speeds up patching workflows using AI models and its Codex Security ...
Vercel’s deepsec Brings AI-Powered Security Scanning Into the Development Workflow
Security has long been the last item on the checklist. Code gets written, reviewed, merged—and then, somewhere down the line, a security team takes a look. That model worked when development moved ...