Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

DevSecOps

Pulumi, secrets, GitHub, repository, secrets, legit security, leaking, software, GitGuardian secrets code Secrets BluBracket SaaS

Pulumi Extends Security Reach to Include Managing Secrets and Policy-as-Code

| | devops, devsecops, Secrets
Pulumi today extended the reach of its Environments, Secrets and Configurations (ESC) platform for managing infrastructure-as-code (IaC) into the realm of DevSecOps by adding the ability to manage secrets and implement policies ...
AI-based, software development, ai, code generation, repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

GitHub Action Compromise Risks Data Leaks for 23,000 Repositories

| | GitHub Actions, leaked secrets, Python, software supply chain attacks
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...
Bridging the Dev and SecOps Gap: How Intelligent Continuous Security Enables True End-to-End Security

Bridging the Dev and SecOps Gap: How Intelligent Continuous Security Enables True End-to-End Security

| | Artificial intelligence (AI), devsecops, Intelligent Continuous Security, secops
Intelligent Continuous Security (TM) (ICS) is the next evolution — harnessing AI-driven automation, real-time threat detection and continuous compliance enforcement to eliminate these inefficiencies. ICS extends beyond DevSecOps to also close security ...
Sonar Combines SAST and SCA Tools in Single Offer

Sonar Combines SAST and SCA Tools in Single Offer

| | AI coding tools, devsecops, SDLC security, security
Sonar today revealed it will at the end of May add an offering that combines its Static Application Security Testing (SAST) tool with the software composition analysis (SCA) tools it gained with ...
code security

DeepSource Open Sources Globstar Alternative to Semgrep to Analyze Code

| | analyze code, code, devops, devsecops, scan code
DeepSource has made available an open source static code analysis tool, dubbed Globstar, that DevSecOps teams can employ to embed code checkers in their pipelines ...
Legit Security Extends ASPM Platform to Provide More Vulnerability Context

Legit Security Extends ASPM Platform to Provide More Vulnerability Context

| | AOIs, devsecops, SBoM, vulnerabilities
Legit Security this week added an ability to determine the level of risk a vulnerability actually represents to its application security posture management (ASPM) platform ...
Teleport Unifies Infrastructure and Application Workload Security

Teleport Unifies Infrastructure and Application Workload Security

| | devsecops, IT environments, non-human identity, Software Supply Chain Security
Teleport today added an offering that makes it simpler to declaratively secure IT infrastructure and workloads using short-lived X.509 certificates ...
DevSecOps

Why Has DevSecOps Failed? 

| | devsecops, sdlc
DevSecOps is failing because we underestimated the complexity of cultural transformation and the importance of human-centered tools ...
AI-based, software development, ai, code generation, repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

North Korea’s Lazarus Group Targets Developers, Supply Chain

| | github, Lazarus Group, North Korea, NPM, Software Supply Chain
North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets and spreading it via legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech ...
Open Source Software Security Concerns with Spike Curtis

Open Source Software Security Concerns with Spike Curtis

| | Coder Technologies, open source, security, software
Spike Curtis, principal engineer for Coder Technologies, dives into why open source software security concerns are valid, and why the only viable option is to invest more in securing software supply chains ...
How to Prove That Your Security-Aware Developers are a Cut Above the Rest

How to Prove That Your Security-Aware Developers are a Cut Above the Rest

| | developers, devops, secure-by-design, security, security training
Security-aware developers are the best first line of defense an organization can have when it comes to software security ...
DevOps Security Metrics 

DevOps Security Metrics 

| | devops, devsecops, security metrics
In this article, we explore key metrics that can help bridge the gap between the speed of DevOps processes and the essential security requirements needed to protect systems effectively ...
Show More