Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

IT Security

Lineaje, AI, agents, Cycode, SAST, analysis, Black Duck, open-source, coding, DevSecOps, OpenText, Process, DevSecOps, ASPM, Cycode SecOps GitLab Quali SigStore OWASP DevSecOps vulnerabilities security Pulumi DevSecOps Analyzing Code for Security Vulnerabilities

Cycode Brings Generative AI to App Security Posture Management

| | application security, appsec, ASPM, Cycode, generative AI, posture management, vulnerabilities
Cycode's generative AI capabilities in its ASPM platform make it simpler for DevSecOps teams to identify the root cause of vulnerabilities ...
AWS, SageMaker, pipelines, CI/CD, ReversingLabs DevOps jobs AIOps

ReversingLabs Applies AI to Better Secure Application Binaries

| | application development, binaries, ReversingLabs, software development, Software Supply Chain
ReversingLabs launched a binary analysis tool that uses machine learning algorithms to identify risks before and after apps are deployed ...
code data, agentic, JFrog, security, devsecops, Digma, code, Go, code, kernel, eBPF, Veracode GitKraken JFrog GitGuardian organizations, quality fear unknown software app Rust Contrast Security Adds API Support to Application Security Platform

Veracode Report Shines Spotlight on Massive Application Security Debt

| | application security, flaws, Software Supply Chain, Veracode, vulnerabilities
In an analysis of more than a million applications, Veracode found 42% contained flaws that remained unfixed for longer than a year ...
APIs, secure, RapidAPI Hasura GraphQL APIs Speedscale API sprawl Postman 42Crunch API security ASCI

Squaring the Circle: How to Make Public APIs Private

| | APIs, appsec, devsecops, software security, vulnerabilities, zero-trust security
Many API attacks are effectively zero-day, novel attacks that exploit recent and unique changes to specific APIs. Here's how to stop them ...
Legit Security syslogs HashiCorp Checkmarx Synopsys Cycode CodeLogic scanning Contrast Security secrets scan dynamic

Legit Security Adds Sensors to Detect Usage of Gen AI Tools to Write Code

| | ASPM, coding assistants, devsecops, generative AI, Legit Security, software development
Legit Security updated its ASPM platform with the ability to detect when developers use generative AI tools to write code ...
features, supply chain IDP GitLab Gearset Salesforce open source CircleCI

Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive

| | devsecops, Git repositories, software vulnerabilities, supply chain
A survey found the vast majority of respondents work for organizations that experienced a software supply chain incident in the past 12 months ...
Pulumi, secrets, GitHub, repository, secrets, legit security, leaking, software, GitGuardian secrets code Secrets BluBracket SaaS

GitGuardian Allies With CyberArk to Better Protect App Secrets

| | application security, cyberark, GitGuardian, Secrets, secrets management
GitGuardian has allied with CyberArk to streamline secrets detection and management by making it easier to share insights ...
OpenSSF warns of Open Source Social Engineering Threats

OX Security Optimizes DevSecOps to Improve Application Security

| | devsecops, OX Security, software security, supply chain security
OX Security updated its ASPM platform to enable DevSecOps teams to instantly identify applications with vulnerable code ...
orca, security, source code, Cycode cloud Atlassian Snyk Security Compass DevSecOps JFrog Trend Micro open source Copado devSecOps OpenSSF

Cycode Discloses GitHub Actions Vulnerability in Google Bazel Project

| | Bazel, CI/CD, Cycode, google, open source, software testing
Cycode discovered a command injection vulnerability in the way GitHub Actions updated Google's open source Bazel project ...
Snyk app modernization, security, DevOps teams, app development, OutSystems democratization application app modernization

Snyk Acquires Helios to Extend Reach of ASPM Platform

| | application security, appsec, developers, Helios, posture management, Snyk
With its Helios acquisition, Snyk plans to add an ability to capture application runtime data to extend the capabilities of its ASPM platform ...
devsecops, applications, devops security policy management Virtual DevSecOps Conference Shifting Left

5 Security Threats DevOps Teams Should Know

| | application security, code scanning, devops security, devsecops, network filtering
DevOps security (DevSecOps) is about breaking down silos and promoting open collaboration across teams ...
application, tools, vulnerability Backstage Endor Labs Application Development Security vulnerability AppDynamics security vulnerability

Survey: Widespread Inability to Remediate App Vulnerabilities

| | application security, appsec, developer training, devsecops, Secure Software, Security Journey
A survey found only 20% of IT and security professionals are confident in their ability to detect a vulnerability before an app is released ...
Show More