Tag: devsecops
Google Proposes SLSA Framework to Secure Software Supply Chains
Google is proposing organizations adopt a framework for securing the integrity of software artifacts across a software supply chain. Kim Lewandowski, a product manager for open source software security at Google, said ...
Accurics Aligns DevSecOps Platform With GitLab
Accurics today announced it has integrated its tool for discovering violations of security policies that occur when developers provision infrastructure as code with both the continuous integration and continuous delivery (CI/CD) platform ...
Majority of Orgs Lack Visibility Into Container Vulnerabilities
Today’s blend of third-party application dependencies and polyglot software development often makes assessing risk difficult. With many new cloud-native deployment models, it can be tricky to discover potential vulnerabilities. These threats take ...
Get the Benefits of Low-Code Without the Risks
Today, more than 300 vendors and various platforms offer different flavors of low-code solutions. However, the majority of these low-code tools are really no-code tools that benefit individuals or groups trying to ...
Why API Quality Is Top Priority for Developers
It is no secret that web APIs have become increasingly important to the operation of modern businesses. According to RapidAPI's Developer Survey and Insights report, 61% of developers used more APIs in ...
HashiCorp Increases Terraform’s Enterprise Appeal
During the online HashiConf Europe conference today, HashiCorp debuted the general availability of a 1.0 release of HashiCorp Terraform along with updates to HashiCorp Terraform Cloud service. Meghan Liese, senior director of ...
What Biden’s Cybersecurity EO Means for DevOps Teams
On May 12, 2021 President Biden issued Executive Order 14028, also known as the Executive Order on Improving the Nation’s Cybersecurity. This EO covers a lot of ground, and like all executive ...
Fixing Risk Sharing With Observability
Incentives are mismatched among SREs, SecOps, and application developers. These mismatches create challenges around how and what information is shared across siloed teams. This asymmetrical information creates a moral hazard where one ...
GitLab Acquires UnReview to Further AI Ambitions
GitLab announced this week it has acquired UnReview, a provider of a tool that employs machine learning algorithms to identify which expert code reviewers to assign to a project based on both ...
7 Step Transformation Blueprint for SecDevOps
The struggle for continuous software security is obvious, but the solutions are not. As I indicated in my prior blog, SecDevOps is the Solution to Cybersecurity, a security-first mindset, coupled with SecDevOps-specific ...
Serverless Computing Brings New Security Risks
Attracted by lower costs and less operational overhead, serverless computing is an unmistakable undercurrent in the world of DevOps. Developers are drawn to the innovation because it requires no architecture to manage ...
API Security by Design
"APIs are nothing new," said Secure Code Warrior co-founder and CTO Matias Madou, but they have recently become more widely used. And where they were once a local mechanism, they are increasingly ...
