DevSecOps
Six Steps Every Business Should Take to Protect Its Data
Data may or may not be the new oil but it is the growth engine of today’s digital age. Data about a company’s customers, products, services and sales is worth a lot ...
Free Remote Endpoint Protection Solution From Qualys
Qualys today announced it is offering a completely free, 60-day version of its cloud-based remote endpoint protection solution. The product is fully featured, with nothing turned off in the free version. It's ...
42Crunch Extends API Security Alliance With Microsoft
42Crunch this week announced it has extended an existing alliance with Microsoft to now include support for Microsoft Azure Pipelines for its REST API Static Security Testing Tool. Previously, 42Crunch only provided ...
The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 2)
In part one of this two-part series, I explored how organizations can more effectively automate security quality decisions and discard doing automation for automation’s sake. I shared why security scans need to ...
Catch Emerging Security Risks Earlier by Leveraging Kubernetes Audit Logs
Nitzan Niv | | container orchestration, K8s, kubernetes, kubernetes audit logs, security, security breachWhen a Kubernetes deployment suffers a security breach, it can be difficult for security teams to diagnose and identify the source of the intrusion and its impact. Each Kubernetes cluster may host ...
The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)
Chetan Conikee | | devops, sdlc, security, security automation, security scans, software development lifecycleToday’s organizations are increasingly benefiting from the modernization of the software development lifecycle (SDLC), including the adoption of cloud, DevOps, Agile methodologies, containers and more. Thanks to this modernization, organizations are innovating ...
Better Apps and Better Security When You Shift Left
Tony Bradley | | app security, CI/CD, cloud, containers, devops, security, security automation, shift leftTens of thousands of people and hundreds of cybersecurity vendors descended on San Francisco at the end of April. While the RSA Conference was the primary draw, there are a number of ...
Tenable Allies With Datadog to Drive DevSecOps
Mike Vizard | | APIs, datadog, devsecops, partnership, security data, Tenable, vulnerability scanningDatadog and Tenable have teamed up to enable organizations to adopt best DevSecOps processes. Tenable CTO Renaud Deraison said his company is making the cybersecurity data it gathers via its Nessus vulnerability ...
The DevSecOps Landscape is Maturing — We Want to Hear About Your Journey
The race to out-innovate one’s competition has led to high performing organizations chasing increased deployment velocities but often ignoring the quality of parts being used to manufacture their applications. It was 2003 ...
Cybersecurity Fears May Drive Shift to Managed DevOps
Mike Vizard | | DevOps platform, Jenkins, managed DevOps, managed services, open source, security vulnerabilityShould organizations consider using a managed service for DevOps to keep their platforms up to date and secure? The recent disclosure of a vulnerability that would allow open source Jenkins continuous integration/continuous ...
DevSecOps: A Renewed Commitment to Secure Delivery, Part 2
If done right, DevSecOps eliminates the cultural roadblocks that often prevent organizations from getting IT security proactively involved with development and operations. Barriers are the last thing any organization should contend with ...
Synopsys Advances DevSecOps via IDE Plugin
Synopsys has extended the static application security testing (SAST) and software composition analysis (SCA) of the Code Sight plugin it makes available for integrated development environments (IDEs). The latest iteration of Code ...
