Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: Software Supply Chains

ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

Report: Commerical Software Just as Vulnerable as Open Source

| | ai, devsecops, open source, Secrets, Software Supply Chains, vulnerabilities
An analysis published by ReversingLabs, a provider of tools for securing application development environments, suggests that commercial software used in software supply chains is just as vulnerable as open-source code ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust

| | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long View
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
some-code

Microservices Adoption and the Software Supply Chain

| | application modernization, microservices, Software Supply Chains
Software development is undergoing industrialization, with more and more software rapidly assembled out of components and an emphasis on building automation around software validation and release processes. Modern cloud-native software is no ...
skills gap, quantum computing, skills cloud architect DevSecOps Dell

DevSecOps Trends to Know For 2021

| | devsecops, open source, shadow code, Software Supply Chains, sonatype
For DevSecOps leaders, 2021 will be the year of the open source supply chain attack. It’s already starting, in fact. On January 7, security researchers at Sonatype identified three malicious Java components ...
The 2016 State of Software Supply Chain Report is Here

The 2016 State of Software Supply Chain Report is Here

| | application security, continuous delivery, devops, open source governance, Repository Manager, rugged devops, Software Supply Chains, sonatype
Our State of the Software Supply Chain Report has just been released.  Over the past year, we’ve amassed a great deal of data with respect to the staggering volume and variety of ...
DevOpsSec: 1 in 16 Chances

DevOpsSec: 1 in 16 Chances

| | application security, Archiva, Artifactory, DevOpsSec, Nexus, Repository Managers, rugged devops, Software Supply Chains, Supply Chain Automation, Supply Chain Intelligence
The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities, especially important for DevOpsSec practices. By leveraging automation in ...
DevOps Leadership Series: Software Supply Chains

DevOps Leadership Series: Software Supply Chains

| | Chef, devops connect, devops culture, rugged devops, Software Supply Chains, sonatype
We kicked off this series on Monday with Gene Kim (@RealGeneKim) sharing his views on the big theme for DevOps in 2015: proving that DevOps is applicable for large organizations. Another theme that arose ...