Tag: CI/CD security
Agentic DevSecOps: AI Security Co-Pilots for Your CI/CD Pipeline
The emergence of AI has brought endless possibilities and innovative opportunities in today’s ever-changing, fast-paced technology landscape. AI is helping development teams produce software significantly faster than ever before. AI-enabled DevSecOps tools ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
Your CI/CD Pipeline Has Non-Human Identities You Forgot About
A deployment starts failing late on a Friday evening. The initial assumption is that something changed in the application release. Teams start checking container images, Terraform plans and recent commits. Nothing looks ...
AI-Generated Apps Without DevOps: A Security Disaster Waiting to Happen
A small internal tool was built over a weekend. An engineer used an AI coding assistant to generate most of the backend. A simple interface was added, a few API calls were ...
AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk
AWS fixed webhook filter misconfigurations in CodeBuild that could have allowed unauthorized repository access. No customer impact or malicious code found ...
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain
When it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
The DevSecOps Career Path: What No One Tells You About Getting Started
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation; the next day, they're expected to understand ...
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?
Traditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...
Why CI/CD Pipelines Break Zero-Trust: A Hidden Risk in Enterprise Automation
This article highlights a critical blind spot in pipeline security: The gap between job identity and runtime trust. Here’s how organizations can finally close it. ...
Tips For Securing CI/CD Pipelines
Most development teams want to increase the pace of their software delivery. As such, continuous integration and delivery (CI/CD) has grown in importance, helping push code from build to production as seamlessly ...

