Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

DevSecOps

ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

Report: Commerical Software Just as Vulnerable as Open Source

| | ai, devsecops, open source, Secrets, Software Supply Chains, vulnerabilities
An analysis published by ReversingLabs, a provider of tools for securing application development environments, suggests that commercial software used in software supply chains is just as vulnerable as open-source code ...
application, vulnerabilities, devsecops, developers, appsec, tool, appsec, Bionic modernization DevSecOps AppSec Cortex materialized view SIEM

Report: Bulk of Application Vulnerabilities Don’t Require Immediate Attention

| | appsec, cybercriminals, devsecops, vulnerabilities
An analysis of more than 101 million application security alerts conducted by OX Security, a provider of an application security posture management (ASPM) platform, finds only 2% to 5% require immediate action, ...
code-to-cloud security, organizations, GPU cloud automation Dell Microsoft Azure AWS repatriation cloud Cloud-Native IoT, cloud security

Demystifying Code-to-Cloud Security 

| | Cloud Security, Code-to-cloud
Code-to-cloud security is considered the future of application security, as it helps lower expenses, prevents data breaches and ensures compliance infringement, thereby protecting an organization’s reputation.  ...
devsecops, AI, security, developers, organizations, code, SBOMs, DevSecOps

Securing the Future: DevSecOps in the Age of Artificial Intelligence 

| | ai, devops, devsecops
Why DevSecOps is a critical discipline in the AI era, the benefits and challenges of integrating AI into DevSecOps pipelines and why it provides a framework for successfully adopting these emerging technologies.  ...
The DevOps Bottleneck: Why IaC Orchestration is the Missing Piece

The DevOps Bottleneck: Why IaC Orchestration is the Missing Piece

| | automation, devops, IaC, security
If you work in DevOps, you’ve heard it a thousand times: “Do more with less.” More automation, more security, more reliability—but with the same (or fewer) people. Meanwhile, your development teams keep ...
JFrog, security, devsecops, Digma, code, Go, code, kernel, eBPF, Veracode GitKraken JFrog GitGuardian organizations, quality fear unknown software app Rust Contrast Security Adds API Support to Application Security Platform

JFrog Survey Surfaces Limited DevSecOps Gains

| | devops, devsecops, security, supply chain security
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet ...
Pulumi, secrets, GitHub, repository, secrets, legit security, leaking, software, GitGuardian secrets code Secrets BluBracket SaaS

Pulumi Extends Security Reach to Include Managing Secrets and Policy-as-Code

| | devops, devsecops, Secrets
Pulumi today extended the reach of its Environments, Secrets and Configurations (ESC) platform for managing infrastructure-as-code (IaC) into the realm of DevSecOps by adding the ability to manage secrets and implement policies ...
repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

GitHub Action Compromise Risks Data Leaks for 23,000 Repositories

| | GitHub Actions, leaked secrets, Python, software supply chain attacks
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...
Legit, DevSecOps, intelligent continuous security, compliance, teleport, security, Erawan, DevSecOps, git workflows DevOps, DevSecOps, security, developer,

Bridging the Dev and SecOps Gap: How Intelligent Continuous Security Enables True End-to-End Security

| | Artificial intelligence (AI), devsecops, Intelligent Continuous Security, secops
Intelligent Continuous Security (TM) (ICS) is the next evolution — harnessing AI-driven automation, real-time threat detection and continuous compliance enforcement to eliminate these inefficiencies. ICS extends beyond DevSecOps to also close security ...
SAST, DevSecOps, Tidelift, GenAI, software, security, devsecops, AI, AISecOps Digital.ai transformation DevOps security mobile DevSecOps Dynatrace Extends Reach of Application Security Module

Sonar Combines SAST and SCA Tools in Single Offer

| | AI coding tools, devsecops, SDLC security, security
Sonar today revealed it will at the end of May add an offering that combines its Static Application Security Testing (SAST) tool with the software composition analysis (SCA) tools it gained with ...
code security

DeepSource Open Sources Globstar Alternative to Semgrep to Analyze Code

| | analyze code, code, devops, devsecops, scan code
DeepSource has made available an open source static code analysis tool, dubbed Globstar, that DevSecOps teams can employ to embed code checkers in their pipelines ...
Legit security, vulnerability, Harness,Traceable, DevSecOps, SDLC, Tidelift, DevSecOps, code, open source, AWS, devsecops, Digital.ai DevSecOps business SDLC Integrating Security in the Development Process with DevSecOps

Legit Security Extends ASPM Platform to Provide More Vulnerability Context

| | AOIs, devsecops, SBoM, vulnerabilities
Legit Security this week added an ability to determine the level of risk a vulnerability actually represents to its application security posture management (ASPM) platform ...
Show More