DevSecOps
The MLSecOps Era: Why DevOps Teams Must Care about Prompt Security
AI-driven software delivery introduces new risks, especially prompt manipulation within CI/CD workflows. This article details the emerging fields of PromptOps and MLSecOps and offers practical strategies for securing prompts, models, and pipelines ...
DevSecOps in Practice: Closing the Gap Between Development Speed and Security Assurance
In the world of modern software development, speed is king. Teams are under constant pressure to release features, fix bugs and stay ahead of competitors. Yet, as development velocity increases, so does ...
AppOmni Open Sources Heisenberg Tool to Scan Pull Requests for Dependencies
AppOmni has made available an open source tool that automatically scans pull requests (PRs) to flag risky or newly published dependencies before they are merged. Dubbed Heisenberg, the tool can also be ...
Securing the AI Era: How Development, Security, and Compliance Must Evolve
The Code Boom and Its Paradox: We are witnessing an unprecedented shift in how software is built. With the rise of AI copilots, automated agents, and low-code platforms, code is being produced ...
Oasis Security Identifies Security Weakness in Cursor AI Coding Tool
Oasis Security this week warned application developers of a security flaw in the Cursor artificial intelligence (AI) code editor developed by Anysphere, Inc. that potentially could be used to allow a maliciously ...
JFrog CEO: AI Agents Require Practices Beyond Security, Traceability
NAPA, Calif. -- A new persona in software development, artificial intelligence (AI) agents rather than human developers, has made it imperative that foundational platforms incorporate agentic practices alongside security, traceability, and visibility ...
John Willis: The True North of DevOps and DevSecOps
Over the last 14-plus years of my journey through DevOps, I’ve had the good fortune to meet some of the smartest, most generous, most forward-thinking people in our industry. It’s one of ...
Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled "Tackling the National Gap in Software Understanding," I had the same reaction I imagine many of you did: Well, of course this ...
Veracode Allies with Wiz to Bring More Context to DevSecOps Workflows
Veracode today revealed an alliance through which it will integrate its application security posture management (ASPM) platform with the cloud native application protection platform from Wiz ...
Kusari Adds AI Security Tool to Inspect Code as Pull Requests Are Made
Kusari has added an artificial intelligence (AI) tool that runs a security risk assessment every time an application developer makes a pull request. Company CTO Mike Lieberman said Kusari Inspector is designed ...
AWS Extends Cloud Security Reach to Include DevSecOps Tools to Scan Code
Amazon Web Services (AWS) this week made Amazon Inspector, a code scanning tool for surfacing vulnerabilities that is designed to be natively integrated with GitHub and GitLab platforms, generally available. Announced at ...
Survey Surfaces Uneven Adoption of SBOMs to Secure Software
A survey of 100 security professionals finds nearly half (48%) admit their organizations are falling behind on meeting software bill of materials (SBOM) requirements as specified by the U.S. Office ...

