DevOps.com

Where the world meets DevOps

DevSecOps

ShiftLeft

ShiftLeft Brings Security Workflows to DevOps Processes

| | devsecops, security, software development
ShiftLeft has updated its NextGen Static Analysis (NG SAST) tool to include workflows that are purpose-built for developers. Company CEO Manish Gupta said the security workflows are designed to make it easier ...
open source

Snyk Report Finds Decline in Open Source Vulnerabilities

| | application development, containers, devsecops, open source
Snyk, a provider of tools for discovering and remediating vulnerabilities in open source code, today published a report that finds the number of new vulnerabilities discovered in open source software packages has ...
DevSecOps

SaltStack Looks to Automate DevSecOps Processes

| | automation, automation framework, devops, devsecops, open source
SaltStack announced today it has integrated its automation framework with a variety of third-party security platforms to further the adoption of best DevSecOps processes. Mehul Revankar, director of product management for SaltStack, ...
DevOps

The Secret to Winning at DevOps: Are You Up for the Challenge?

| | automation, developers, DevOps practices, devops teams, devsecops, IT operations, sdlc
The main idea behind DevOps is to enable companies to keep up with the increased software velocity and advancements in agile culture for a smoother end-to-end software delivery cycle. The main goal ...
SPIFFE

CNCF Elevates SPIFFE Spec to Secure App Services

| | application security, authentication, CNCF, developers, open source, Secure Production Identity Framework For Everyone, SPIFFE, SPIFFE Runtime Environment, SPIRE
The Technical Oversight Committee (TOC) of the Cloud Native Computing Foundation (CNCF) announced that the open source Secure Production Identity Framework For Everyone (SPIFFE) specification and the SPIFFE Runtime Environment (SPIRE) have ...
DevSecOps, federal agencies

Why DevOps and Federal Agencies Need Each Other

| | change management, devops, devsecops, federal agencies, Remote work, tech industry
In times of crisis, the U.S. government needs to bring in tech tools fast to help solve the problem. First, now is a vulnerable time and weaknesses are exposed in telework infrastructure ...
Mobile app, security, app security

COVID-19, the New Normal and the Indisputable Importance of Mobile App Security

| | app development, app security, COVID, eventbot, mobile apps, multi-factor authentication, new normal, SDKs, software development kit
As the United States emerges from COVID-19 lockdown, it’s not back to business as usual. COVID-19 remains a very serious risk, and until a vaccine or treatment arrives, we will all need ...
GitLab

GitLab Adds Fuzz Testing to DevSecOps Toolbox

| | acquisitions, CI/CD, devsecops, fuzz testing, shift left
GitLab today announced it has acquired Peach Tech, a provider of protocol fuzz testing and dynamic application security testing (DAST) API testing tools, and Fuzzit, a continuous fuzz testing tool, as part ...
DevSecOps, DevOps, Security

3 DevOps Security Best Practices Your Organization Can’t Afford To Ignore

| | CI/CD, DAST, devsecops, Dynamic Application Security Testing, GitLeaks, SAST, secure pipeline, Static Application Security Testing
CI/CD pipelines are at the core of daily operations for many businesses today. These processes, when set up correctly, help to keep the delivery process consistent by automating many manual tasks and ...
DevSecOps, agile

DevSecOps vs. Agile Development: Putting Security at the Heart of Program Development

| | agile development, CI/CD, continuous delivery, continuous integration, Department of Defense, devsecops, DoD, software security
Despite most developers and managers being well aware of the concept of DevSecOps, it is still often confused with a number of related processes and concepts. This is particularly true for the ...
Eggplant testing

How DevOps Powered by AI and Machine Learning Is Delivering Business Transformation

| | ai, artificial intelligence, devsecops, digital transformation, digitization, machine learning
The use of artificial intelligence (AI) and machine learning (ML) is fundamentally changing the way we think about DevOps. Most notably, it is delivering a new form of DevOps that recognizes the ...
SonicWall

Who’s Responsible for Security? Apparently, It Depends

| | developers, devops, devsecops, IT security, security teams, shift left
More than 10 years after organizations began implementing DevOps, responsibility for security still resembles the proverbial chicken and egg dilemma. GitLab's 2020 Global DevSecOps Survey asked developers, security team members, operations pros and ...