DevSecOps

Open Source Software Security Concerns with Spike Curtis
Spike Curtis, principal engineer for Coder Technologies, dives into why open source software security concerns are valid, and why the only viable option is to invest more in securing software supply chains ...

How to Prove That Your Security-Aware Developers are a Cut Above the Rest
Security-aware developers are the best first line of defense an organization can have when it comes to software security ...

DevOps Security Metrics
In this article, we explore key metrics that can help bridge the gap between the speed of DevOps processes and the essential security requirements needed to protect systems effectively ...

CISA Pushes Steps to Better Secure Software and Product Designs
The country’s top cybersecurity agency is urging developers to take steps to ensure the software they’re building and the products they roll out are secure and protect end users. The Cybersecurity and ...

Sonar Acquires Tidelift to Extend DevSecOps Reach Into Open Source Software
Sonar today revealed it has agreed to acquire Tidelift to gain access to third-party open-source code that it plans to integrate into its static code analysis tools ...

DefectDojo Adds Ability to Normalize DevSecOps Data to ASPM Platform
DefectDojo today added a universal parser to its application security posture management platform (ASPM) that makes it possible to normalize data ingested from any DevSecOps tools and platforms that expose data in ...

How an Effective AppSec Program Shifts Your Teams From Fixing to Building
Development teams are under growing pressure to build cutting-edge applications with shorter development lifecycles. However, they are often slowed down by the growing burden of fixing security vulnerabilities. Ineffective application security processes ...

Microsoft Enlists Endor Labs to Integrate SCA Tool with CNAPP
Microsoft has tapped Endor Labs to incorporate a software composition analysis (SCA) tool into its cloud-native application protection platform (CNAPP) ...

Checkmarx Extends DevSecOps Reach to Repository Security and Secrets Discovery
Checkmarx this week extended the scope of its ability to protect software supply chains with tools that access how secure a repository is and find where application secrets have been shared in ...

Four Steps to Balance Agility and Security in DevSecOps
Balancing agility and security in DevSecOps is achievable with the right mix of automation, collaboration and continuous feedback. By embedding security into agile processes, organizations can deliver software that is both fast ...

Update to Open Source WhiteRabbitNeo Project Brings Smarter AI to DevSecOps
Kindo today revealed that WhiteRabbitNeo, an open-source DevSecOps platform, has been updated to take advantage of improved large language models (LLMs) that generate more accurate outputs when resolving prompts related to offensive ...

AI Will Soon Automate DevSecOps Governance
The role cybersecurity teams play in ensuring applications are secure is about to become a lot more proactive in the age of artificial intelligence (AI) ...