DevSecOps

AWS Extends Cloud Security Reach to Include DevSecOps Tools to Scan Code
Amazon Web Services (AWS) this week made Amazon Inspector, a code scanning tool for surfacing vulnerabilities that is designed to be natively integrated with GitHub and GitLab platforms, generally available. Announced at ...

Survey Surfaces Uneven Adoption of SBOMs to Secure Software
A survey of 100 security professionals finds nearly half (48%) of security professionals admit their organizations are falling behind on meeting software bill material (SBOM) requirements as specified by the U.S. Office ...

North Korean Bad Actor’s Fake Job Offer Scam Targets Developers
Freelance developers around the world are being targeted by North Korean bad actors posing as job recruiters who as part of the fake application process entice them to run software jobs that ...

6 Essential Components of a Successful Security ‘Rewards Program’ for Software Developers
The software development industry could use a rewards program especially when it comes to ensuring a ‘security first’ mindset among developers ...

Breaking Free from Ransomware: Securing Your CI/CD Against RaaS
For developers, few things are more precious than their codebase. Yet, a chilling trend is emerging: Ransomware-as-a-service (RaaS) attacks targeting CI/CD pipelines, holding valuable code hostage ...

CloudBees Acquires Launchable to Advance Testing Using AI
CloudBees today revealed it has acquired Launchable, a provider of a test automation platform, to enable DevOps teams to improve both application security and software quality. Financial terms of the acquisition are ...

Lineaje Adds Module to Manage Open Source Software Security Lifecycle
This can help DevSecOps teams identify open source software projects that are not being well maintained ...

Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability
Sumo Logic this week at the RSA Conference previewed a copilot that leverages generative artificial intelligence (AI) to make it simpler for IT and cybersecurity professionals of varying levels of experience to ...

What OpenTofu 1.7 Means for DevSecOps
With built-in end-to-end encryption, OpenTofu is a natural DevSecOps fit ...

Datadog DevSecOps Report Shines Spotlight on Java Security Issues
Datadog today published a State of DevSecOps report that finds 90% of Java services running in a production environment are vulnerable to one or more critical or high severity vulnerabilities introduced by ...

Microsoft kills Python 3.7 ¦ … and VBScript ¦ Exascaling ARM on Jupiter
In this week’s #TheLongView: VS Code drops support for Python 3.7, Windows drops VBScript, and Europe plans the fastest ARM supercomputer ...

80% of Bosses ‘Regret’ Stopping WFH ¦ PSA: Disable STS!
In this week’s #TheLongView: Rethinking return-to-office mandates and a ridiculous, ancient Windows bug ...