Tag: devsecops
From Phishing to Vishing: Why DevSecOps Must Rethink Communication Security
Key Takeaways: Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls. DevSecOps must expand its scope: Securing ...
Why CI-Based Security is Too Late for Modern Node.js Projects
Most Node.js teams rely on CI pipelines to tell them whether their dependencies are secure. By the time that feedback arrives, however, the most important decisions have already been made ...
Homebrew to Packages: No ID, No Service
Homebrew, the unofficial but default package manager for many Apple Mac users, now has safeguards to prevent supply-chain attacks. The approach mimics how GitHub just fortified npm against attacks by establishing a ...
AWS Continuum Service Employs AI to Secure Software Supply Chains
Amazon Web Services (AWS) today launched a service that expands the scope of the artificial intelligence (AI) tools it provides to secure code to include an agent that discovers, validates and prioritizes ...
Tenet’s ‘Agentjacking’ Attack Turns Sentry Errors Into Code Execution
AI coding agents can create a new code execution risk when they treat externally influenced error data as trusted guidance and have access to command line tools, according to new research from ...
Why Endpoint Protection Matters More than Ever in CI/CD Environments
CI/CD environments depend on far more than repositories and deployment infrastructure. Developer endpoints hold sensitive data: cloud credentials, SSH keys, deployment permissions, direct access to internal systems. Endpoint security and control are ...
Survey Surfaces Depth of DevSecOps Crisis in the Age of AI
A global survey of 2,350 developers, CISOs and application security managers published this week finds that while nearly all respondents (96%) work for organizations that have embedded or connected artificial intelligence (AI) ...
Shift Left to the Developer’s Machine: Building Local Git Security Gates
Shift left to the developer's machine. The principle is what matters: Stop secrets before they ship. The tooling is a means to that end. ...
npm v12 Is Coming in July — Here’s What Developers Need to Do Now
For years, running npm install meant trusting that whatever code got pulled in would behave itself. That trust was often misplaced. Starting in July 2026, npm v12 changes the rules. Install scripts ...
GitLab Previews Revamped DevOps Platform for the Agentic AI Era
At Transcend 2026, GitLab launched updates to optimize its DevOps platform for AI-generated code, featuring Next Gen Source Code Management, GitLab Orbit, and an AI Governance framework ...
Broadcom Aims to Better Secure Spring Applications in the AI Era
Broadcom today released a raft of updates to the open source Spring framework for building Java applications, primarily to address a wave of vulnerabilities discovered by researchers using artificial intelligence (AI) tools ...
Secure Code Warrior Leverages AI to Extend DevSecOps Training Reach
Secure Code Warrior this week extended the capability of its artificial intelligence (AI) agent to make it possible to surface relevant training insights in real time as application developers are writing code ...

