Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

DevSecOps

Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains

| | data, devops, malware, Software Supply Chain, typo-squatting
Checkmarx, this week, reported it has discovered malicious software packages that, in addition to injecting malware capable of bypassing endpoint security to exfiltrate data, also provide persistent remote access and control of ...
DevSecOps, security, SAST, DevSecOps, Tidelift, GenAI, software, security, devsecops, AI, AISecOps Digital.ai transformation DevOps security mobile DevSecOps Dynatrace Extends Reach of Application Security Module

Futurum Group Survey Surfaces DevSecOps Progress on Multiple Fronts

| | devsecops, supply chain security, survey
A survey of 110 security leaders finds all are investing in software supply chain security, with application security posture management (ASPM) and DevSecOps automation and orchestration topping the priority list, followed closely ...
build, developers, authorization, teams, DevOps, loop, trends,

Simplifying Authorization at Scale: The Importance of DevOps Workflows with Flexible, Scalable and Secure Access Control 

| | access control, Authorization-as-a-Service, cloud-native security, devops, microservices, policy as code, scalable authorization
DevOps has transformed how developers build, deploy, and manage infrastructure and applications, making automation, scalability and rapid iteration core to modern development workflows.  While much of the software delivery process has evolved, authorization ...
continuous compliance, validated, devops, liability, software, compliance Checkly Palo Alto Networks Checkov

Continuous Compliance for Cloud-Native CI/CD Pipelines

| | Audit-ready pipelines, CI/CD, cloud-native, continuous compliance, devsecops, Infrastructure as Code (IaC), policy as code, Regulatory automation
How DevOps teams can embed auditability without sacrificing delivery speed ...
AI, AI-powered, DevSecOps, zero-trust, Mobb Checkmarx DevSecOps security

AI-Powered DevSecOps: Navigating Automation, Risk and Compliance in a Zero-Trust World

| | AI in DevOps, CI/CD pipeline security, cloud security best practices, continuous compliance, DevOps compliance, FedRAMP DevOps, GRC automation, microservices security, NIST compliance, security automation
Breaking down how artificial intelligence (AI) is reshaping DevSecOps, the security pitfalls that come with it and how to balance the raw efficiency of automation with the actual realities of risk mitigation ...
AWS, SageMaker, pipelines, CI/CD, ReversingLabs DevOps jobs AIOps

Harmonizing AI-Driven DevOps: Building Secure, Self-Healing Pipelines With AWS Bedrock and SageMaker

| | AI-Driven DevOps, Amazon SageMaker, AWS Bedrock, CI/CD Automation, devsecops, Self-Healing Pipelines
The combination of SageMaker and Bedrock enables DevOps teams to develop secure self-healing pipelines through AI harmonization, which transforms software delivery processes ...
ArmorCode Makes Anya AI Agent Generally Available

ArmorCode Makes Anya AI Agent Generally Available

| | agentic AI, AI agent, ASPM, devsecops, RSAC 2025
ArmorCode at the 2025 RSA Conference this week made generally available Anya, an artificial intelligence (AI) agent added to its application security posture management (ASPM) platform that has specifically been trained to ...
Lineaje, AI, agents, Cycode, SAST, analysis, Black Duck, open-source, coding, DevSecOps, OpenText, Process, DevSecOps, ASPM, Cycode SecOps GitLab Quali SigStore OWASP DevSecOps vulnerabilities security Pulumi DevSecOps Analyzing Code for Security Vulnerabilities

Lineaje Leverages AI Agents to Secure Open Source Packages and Images

| | devsecops, open source, vulnerabilities
Lineaje has added artificial intelligence (AI) agents that leverage multiple types of code scanners to ensure the open-source software packages and artifacts being used by application developers are truly secure ...
AI, software, AI-native, development, DevOps,

Cycode Adds AI Agent Teammates to Secure Software Supply Chains

| | AI agents, devops, devsecops
Cycode, this week, added multiple artificial intelligence (AI) agents to its application security posture management (ASPM) capable of monitoring code and offering remediation suggestions. In addition, the company is adding an ability ...
Endor, AI agents, JFrog New Relic SRE AIOps self-service

Endor Labs Adds AI Agents to Automate Application Security Reviews

| | AI agents, devops, security
Endor Labs today added a set of artificial intelligence (AI) agents to its platform, specifically trained to identify security defects in applications and suggest remediations. Fresh off raising an additional $93 million ...
Veracode Extends Scope and Reach of DevSecOps Portfolio

Veracode Extends Scope and Reach of DevSecOps Portfolio

| | devsecops, kubernetes, risk management, Telemetry data
Veracode today updated its risk management tool to provide integration with Kubernetes runtime environments, increased integration with code repositories to make it simpler to identify the origin of vulnerabilities and, available shortly, ...
AI, security

AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat

| | AI code generation, AI hallucinations, Large Language Models, slopsquatting, software supply chain risks
AI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative ...
Show More