DevSecOps
From Code to Cloud: How Full-Stack Developers are Taking Over DevOps
Full-stack developers are taking on DevOps, using CI/CD, Docker and Terraform to own the software lifecycle from code to cloud ...
How AI is Shaping Modern DevOps and DevSecOps
AI is reshaping DevOps and DevSecOps by improving CI/CD workflows, DORA metrics and security without adding unnecessary complexity ...
Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM
Jeff Burt | | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCPThe supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...
Future Proofing the Foundation for AI-Ready Security Operations
Last December, the International Telecommunication Union (ITU), the United Nations’ (UN) body for information and communication technologies, supported Open Cybersecurity Schema Framework (OCSF) for ratification as an international standard by June 2026. Standardization is ...
Secure Code Warrior AI Agent Applies Policies to AI Generated Code
Secure Code Warrior (SCW) this week added an artificial intelligence (AI) agent that both identifies code generated by an AI coding tool and automatically applies the appropriate governance policies. Company CEO Pieter ...
Checkmarx Adds Orchestration Framework to DevSecOps Platform
Checkmarx this week revamped its DevSecOps platform to include an orchestration framework for managing tasks assigned to artificial intelligence (AI) agents. Additionally, the company has added two additional artificial intelligence (AI) agents ...
Arcjet Extends Runtime Policy Engine to Block Malicious Prompts
Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability ...
Secure DevOps at Scale: Integrating SRE, DevSecOps and Compliance
Johnbosco Ejiofor | | agile development, cloud-native security, compliance automation, devsecops, enterprise applications, regulatory standards, SaaS development, Secure DevOps, security and reliability, site reliability engineeringEnterprises developing SaaS products face the challenge of balancing innovation, security, and compliance. By adopting Secure DevOps practices—integrating security into every stage of development—and implementing site reliability engineering (SRE), organizations can enhance ...
Veracode Extends Package Firewall Reach to Microsoft Artifacts
Veracode has extended the reach of a Package Firewall that applies policies that limit what types of code can be downloaded from a repository to Azure Artifacts from Microsoft. Additionally, DevSecOps teams ...
7 Cybersecurity Tips for 2026 No One Will Tell You About
Alexander Williams | | attack surface management, breach prevention strategies, CI/CD pipeline security, cybersecurity 2026, DevSecOps culture, human factors in cybersecurity, incident response training, infrastructure security habits, modern security threats, operational security risks, security documentation best practices, security hygiene, security process failures, security resilience, shadow IT integrations, vendor default risks, workflow securityNothing about 2026 feels stable anymore, especially in security. Attacks move faster than your monitoring stack, AI tools leak data behind your back and everyday convenience apps quietly turn into intrusion points. The biggest threats aren’t the ...
Three Encryption Resolutions for DevSecOps in 2026
Jaya Mehmie | | AI supply chain attacks, automated certificate management, CA/B Forum code signing rules, certificate lifecycle management, CI/CD pipeline security, code signing certificates, dependency scanning security, DevSecOps compliance, DevSecOps New Year resolutions, DevSecOps supply chain security, open source supply chain risk, PKI for DevSecOps, secure software development lifecycle, self-signed certificate risks, software supply chain attacksAs supply chain attacks surge and AI-powered threats grow, DevSecOps teams must strengthen CI/CD security. Learn why PKI, code signing, and certificate automation are critical in the year ahead ...
The MLSecOps Era: Why DevOps Teams Must Care about Prompt Security
Alex Vakulov | | AI attack surface, AI chaos testing, AI Governance, AI supply chain risk, autonomous agent security., CI/CD pipeline security, CodeShield, DevOps AI, ISO 42001, LlamaFirewall, LLM security, MLSecOps, model drift, NIST AI RMF, prompt injection, prompt validation, PromptGuard, PromptOps, RBAC for AI, red team AI, runtime monitoring, secure AI pipelinesAI-driven software delivery introduces new risks, especially prompt manipulation within CI/CD workflows. This article details the emerging fields of PromptOps and MLSecOps and offers practical strategies for securing prompts, models, and pipelines ...
