DevSecOps

Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS
Checkmarx this week revealed it has added support for the Kiro artificial intelligence (AI) coding tool provided by Amazon Web Services (AWS) to its Checkmarx Developer Assist that leverages AI to surface ...

Bridging the Dev–Security Gap With Smarter Authorization
Software teams have always lived with a built-in tension – developers push to ship fast, while security teams pump the brakes to assess risk. Now, with AI flooding the enterprise, that friction ...

Arcjet SDKs Make It Simpler for Developers to Include Security Functions
Arcjet this week made available a software development kit (SDK) that makes it simpler for JavaScript developers to embed capabilities such as bot detection, rate limiting, email validation, attack protection and data ...

CodeHunter API Integrates Deterministic AI Models into DevSecOps Workflows
CodeHunter, a provider of behavioral malware analysis and threat intelligence tools, today announced it is making available an application programming interface (API) to make it simpler to embed the capabilities it provides ...

Rein Security Emerges to Analyze Reachability of Application Vulnerabilities
Rein Security has emerged from stealth to launch an application security platform capable of determining the reach of a vulnerability based on which libraries and application programming interfaces are actually running in ...

Legit Security AI Tool Uses Threat Feed to Identify Risks to Software Supply Chain
Legit Security this week added a threat feed that DevSecOps teams can use to instantly determine if a newly discovered vulnerability impacts their software supply chain. Built using the Legit VibeGuard tool, ...

Malicious VS Code Extensions Take Screenshots, Steal Info
Developers were the targets of two new malicious Microsoft Visual Studio Code (VS Code) extensions created by a threat actor that security researchers believe is experimenting with methods for delivering information-stealing malware ...

Second Coming of Shai-Hulud Cyberattack Ravages JavaScript Repositories
A major expansion of the self-propagating Shai-Hulud cyberattack aimed at popular node package managers (npms) used by JavaScript application developers is creating a major headache for DevSecOps teams around the globe. Based ...

Patch Management is Essential for Securing DevOps
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...

Minimus Adds VEX Support to Managed Hardened Images Service
Minimus has extended its managed service for providing application developers with hardened images to include support for the Vulnerability Exploittability eXchange (VEX) format used to share data across multiple application security tools ...

ControlMonkey Adds Dashboard to Manage IaC Risk
ControlMonkey today added a risk index dashboard to its automation platform for managing code created using infrastructure as code (IaC) tools based on open-source Terraform software ...

Veracode Allies with Wiz to Bring More Context to DevSecOps Workflows
Veracode today revealed an alliance through which it will integrate its application security posture management (ASPM) platform with the cloud native application protection platform from Wiz ...

