DevSecOps
Why DevSecOps Isn’t a Thing Yet
One of the biggest obstacles to DevSecOps adoption is the cultural gap between development, security, and operations teams ...
Shift Left Alone is No Longer Enough, Runtime Context is Key
For a long time, security teams have been told that shifting left is the key to securing their apps and systems. And until recently, this was (mostly) sufficient. As long as security ...
JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain
JFrog and NVIDIA today announced they have expanded the integrations between their software development platforms to now include the Enterprise AI Factory, a set of frameworks and blueprints for building artificial intelligence ...
DevEx Got You This Far: What’s Next for True DevSecOps Maturity?
The journey toward integrating security into the fast-paced world of DevOps has seen significant strides, largely thanks to a much-needed focus on the developer experience (DevEx). Collectively, the AppSec community and industry ...
Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains
Checkmarx, this week, reported it has discovered malicious software packages that, in addition to injecting malware capable of bypassing endpoint security to exfiltrate data, also provide persistent remote access and control of ...
Futurum Group Survey Surfaces DevSecOps Progress on Multiple Fronts
A survey of 110 security leaders finds all are investing in software supply chain security, with application security posture management (ASPM) and DevSecOps automation and orchestration topping the priority list, followed closely ...
Simplifying Authorization at Scale: The Importance of DevOps Workflows with Flexible, Scalable and Secure Access Control
Rakan AlZagha | | access control, Authorization-as-a-Service, cloud-native security, devops, microservices, policy as code, scalable authorizationDevOps has transformed how developers build, deploy, and manage infrastructure and applications, making automation, scalability and rapid iteration core to modern development workflows. While much of the software delivery process has evolved, authorization ...
Continuous Compliance for Cloud-Native CI/CD Pipelines
Manvitha Potluri | | Audit-ready pipelines, CI/CD, cloud-native, continuous compliance, devsecops, Infrastructure as Code (IaC), policy as code, Regulatory automationHow DevOps teams can embed auditability without sacrificing delivery speed ...
AI-Powered DevSecOps: Navigating Automation, Risk and Compliance in a Zero-Trust World
Michelle Buckner | | AI in DevOps, CI/CD pipeline security, cloud security best practices, continuous compliance, DevOps compliance, FedRAMP DevOps, GRC automation, microservices security, NIST compliance, security automationBreaking down how artificial intelligence (AI) is reshaping DevSecOps, the security pitfalls that come with it and how to balance the raw efficiency of automation with the actual realities of risk mitigation ...
Harmonizing AI-Driven DevOps: Building Secure, Self-Healing Pipelines With AWS Bedrock and SageMaker
Dinesh Besiahgari | | AI-Driven DevOps, Amazon SageMaker, AWS Bedrock, CI/CD Automation, devsecops, Self-Healing PipelinesThe combination of SageMaker and Bedrock enables DevOps teams to develop secure self-healing pipelines through AI harmonization, which transforms software delivery processes ...
ArmorCode Makes Anya AI Agent Generally Available
ArmorCode at the 2025 RSA Conference this week made generally available Anya, an artificial intelligence (AI) agent added to its application security posture management (ASPM) platform that has specifically been trained to ...
Lineaje Leverages AI Agents to Secure Open Source Packages and Images
Lineaje has added artificial intelligence (AI) agents that leverage multiple types of code scanners to ensure the open-source software packages and artifacts being used by application developers are truly secure ...
