Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

IT Security

OpenSSF warns of Open Source Social Engineering Threats

Summit Highlights Open Source Software Security Progress

| | open source, OpenSSF, software security, Software Supply Chain Security
The OpenSSF hosted a Secure Open Source Software (SOSS) Summit 2023 event during which it made available a Secure Open Source Software Vision Brief 2023 ...
Qwiet, ai, Lineaje, AI, agents, Cycode, SAST, analysis, Black Duck, open-source, coding, DevSecOps, OpenText, Process, DevSecOps, ASPM, Cycode SecOps GitLab Quali SigStore OWASP DevSecOps vulnerabilities security Pulumi DevSecOps Analyzing Code for Security Vulnerabilities

Survey Surfaces Spike in Generative AI Usage Across IT

| | generative AI, secops, software security, Synopsys
A survey of DevOps and SecOps leaders found nearly all are making use of generative artificial intelligence (AI) ...
GitOps, resilience, security code, resilience, c-suite, Gremlin EU open source Cyber Resilience Act Mend whitesource

Gremlin Adds Detected Risk Tool to Chaos Engineering Service

| | chaos engineering, Gremlin, risk, SRE, threat detection
Gremlin's risk detection capability in its chaos engineering service automatically identifies issues that could cause outages along with recommendations to resolve them ...
Styra open source Web GitHub DevSecOps security Dynatrace Sophos Web Isolation and Secure Web Gateways with Menlo Security

Styra Makes Source Code Available for Enterprise Edition of OPA

| | compliance, enterprise, OPA, Open Policy Agent, software security, Styra
Styra is making the Open Policy Agent (OPA) enterprise code available under a license that enables IT teams to modify or change the underlying code as they see fit ...
Snyk DigiCert ReversingLabs vulnerabilities supply chain

Snyk Survey: AI Generating More Vulnerabilities in Code

| | appsec, artificial intelligence, generative AI, secure coding, Snyk, software security
A Snyk survey finds the use of artificial intelligence (AI) to write code is creating a software security paradox ...
GitOps, trends, GitOps DevSecOps reachability risk ServiceNow

Extending the GitOps Pipeline: DevSecOps and Trusted Application Delivery

| | application delivery, devsecops, gitops, software security, supply chain security, trusted application delivery
The fusion of DevSecOps and trusted application delivery can extend the GitOps pipeline and add business value ...
ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping

Palo Alto Networks Extends CNAPP to CI/CD Platforms

| | CI/CD, cloud-native applications, CNAPP, Palo Alto Networks
Palo Alto Networks' CNAPP now includes the ability to secure continuous integration/continuous delivery (CI/CD) platforms ...
crowdtesting New Relic testing Applause DevOps DAST Applause testing

New Relic Adds App Security Testing Tool to Observability Platform

| | application security, appsec, continuous testing, New Relic, testing
New Relic made available a public preview of an application security testing tool that will be integrated into its observability platform ...
Postman Acquires Akita Software to Gain API Observability

Postman Acquires Akita Software to Gain API Observability

| | Akita Software, APIs, devops, observability, Postman, software development
Postman has acquired Akita Software to gain access to a platform for monitoring and observing application programming interfaces (APIs) ...
crowdtesting New Relic testing Applause DevOps DAST Applause testing

Shift Left With DAST: Dynamic Testing in the CI/CD Pipeline

| | application security, CI/CD, continuous testing, DAST, pipeline security
By focusing on application security like an attacker would, DAST can discover potential security threats that static testing methods might miss ...
SonarSource, LLMs, code data, agentic, JFrog, security, devsecops, Digma, code, Go, code, kernel, eBPF, Veracode GitKraken JFrog GitGuardian organizations, quality fear unknown software app Rust Contrast Security Adds API Support to Application Security Platform

JFrog Adds Curation Capability for Open Source Software Components

| | binaries, jfrog, licensing, open source, software, software security
JFrog is adding a curation capability for open source software that will use metadata generated by binaries to identify malicious packages and software components with licensing issues ...
application, vulnerabilities, devsecops, developers, appsec, tool, appsec, Bionic modernization DevSecOps AppSec Cortex materialized view SIEM

Bionic Extends Application Security Posture Management Platform

| | application security, ASPM, Bionic, Cybersecurity, posture management
Bionic this week added a pair of tools to its application security posture management (ASPM) platform that make it simpler to triage threats based on severity and attach a risk score. Josh ...
Show More