Tag: Software Supply Chain Security
GitHub Takes Down 73 Microsoft Repos After Miasma Worm Attack
Tom Smith | | AI coding tools, credential harvesting, Cybersecurity, developer environment, GitHub breach, IDE vulnerabilities, Miasma worm, Microsoft Azure, Shai-Hulud malware, Software Supply Chain SecurityGitHub pulled 73 Microsoft repositories offline after the self-replicating Miasma worm weaponized IDEs and AI coding tools to harvest developer credentials ...
Survey Surfaces Increased Reliance on Open Source Software to Build Apps
Mike Vizard | | AI-Driven Vulnerabilities, Cyber Resilience Act (CRA), DevOps maintenance, DevSecOps best practices, DORA Compliance, Enterprise Open Source Adoption., Open Source Software (OSS), OpenLogic Survey, Software Supply Chain Security, vendor lock-inOpen source adoption is surging, with 49% of IT teams increasing usage. However, 47% of staff spend 75% of their time on maintenance. Explore the impact of AI threats and EU regulations ...
Why AI-Generated Code Is Raising the Stakes for Secrets Management
Following a $50 million funding round, GitGuardian CEO Eric Fourrier discusses why secrets security is becoming a much bigger problem in the age of AI-generated code and autonomous agents. As more organizations ...
Chainguard Expands Repository to Add More Secure Open Source Libraries
Mike Vizard | | AI agents, application security, dependency layer, devops best practices, DevSecOps practices, Open Source Security Foundation, open source vulnerabilities, secure open source libraries, secure repositories, SLSA framework, software artifacts, software builds, Software Supply Chain SecurityLearn how Chainguard is strengthening software supply chains by expanding its secure repository of Java, JavaScript, and Python libraries, enabling DevOps teams to access components compliant with SLSA framework standards ...
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Joseph M. Saunders | | open source security, OWASP Top 10, SBoM, Software Supply Chain Security, supply chain attacksSoftware supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities ...
Checkmarx Acquisition of Tromzo Accelerates Plan to Apply AI to Application Security
Mike Vizard | | AI agents, AI in cybersecurity, AI-powered security, application security, Application Security Posture Management, ASPM, DAST, devsecops, devsecops automation, SAST, SCA, SDLC security, secure software development lifecycle, Software Supply Chain Security, zero-day vulnerabilitiesCheckmarx accelerates its AI-driven DevSecOps strategy after acquiring Tromzo, integrating AI agents to automate application security across the software development lifecycle ...
Endor Labs Adds AI SAST Tool to Discover Vulnerabilities in Code
Mike Vizard | | agentic AI, AI code analysis, AI coding tools, application security, broken access control, code scanning, code security, developer security tools, devsecops, false positives reduction, LLM code vulnerabilities, multimodal static analysis, OWASP Top 10, secure design, Software Supply Chain Security, Static Application Security TestingEndor Labs launches an agentic AI-powered SAST tool that drastically reduces false positives, identifies deeper code flaws and helps DevSecOps teams secure AI-generated code across 40+ languages ...
JFrog Adds Ability to Track Usage of AI Coding Tools
Mike Vizard | | AI API management, AI code auditing, AI coding tools, AI compliance tracking, AI Governance, AI in DevOps, AI model inventory, AI risk mitigation, AI-generated code, application security, code risk detection, devsecops, Large Language Models, LLM security, MLOps, SCA, secure coding practices, Shadow AI detection, software composition analysis, software provenance, Software Supply Chain Security, software vulnerabilities, source code scanningJFrog introduces AI-Generated Code Detection and Shadow AI Detection tools to identify AI-created code, track model usage, and enhance DevSecOps governance across software supply chains ...
DevSecOps in Practice: Closing the Gap Between Development Speed and Security Assurance
Usman Peter | | application security automation, automated vulnerability scanning, CI/CD pipeline security, cloud and container security, continuous feedback loops, continuous security integration, developer security mindset, development speed and security balance, devsecops, DevSecOps best practices, risk-based security, SaferNet VPN, Secure DevOps, secure software development, security as code, security automation tools, security champions, security culture, shift left security, Software Supply Chain SecurityIn the world of modern software development, speed is king. Teams are under constant pressure to release features, fix bugs and stay ahead of competitors. Yet, as development velocity increases, so does ...
Establishing Visibility and Governance for Your Software Supply Chain
Parth Patel | | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritizationAsset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
Git Services Need Better Security. Here’s How End-to-End Encryption Could Help
Tom Smith | | code security, devops security, end-to-end encryption, GitLab security, repository protection, secure development practices, Software Supply Chain SecurityA new study from the University of Sydney, UESTC, and Google introduces efficient end-to-end encryption for Git services like GitHub and GitLab. Learn how this breakthrough could secure your code repositories without ...
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain
Matt Moore | | CI/CD security, container registry security, container vulnerabilities, devsecops, hardened images, Kubernetes security, secure build pipelines, Software Supply Chain SecurityWhen it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the ...
