Tag: supply chain security
Shift Left to the Developer’s Machine: Building Local Git Security Gates
Shift left to the developer's machine. The principle is what matters: Stop secrets before they ship. The tooling is a means to that end. ...
Tool Fragmentation is Breaking Delivery Context — Here’s What Teams are Learning
Explore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to ...
Secrets Management Failures in CI/CD Pipelines
Explore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how ...
Your AI Agents Have a Blind Spot: What DevOps Teams Need to Know About Cross-LLM Security
Explore the challenges of AI agents in DevOps pipelines, highlighting the importance of model-aware detection to improve security and reduce vulnerabilities ...
Patch Management is Essential for Securing DevOps
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
The DevSecOps Career Path: What No One Tells You About Getting Started
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation, the next day, they're expected to understand ...
Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled "Tackling the National Gap in Software Understanding," I had the same reaction I imagine many of you did: Well, of course this ...
Futurum Group Survey Surfaces DevSecOps Progress on Multiple Fronts
A survey of 110 security leaders finds all are investing in software supply chain security, with application security posture management (ASPM) and DevSecOps automation and orchestration topping the priority list, followed closely ...
How to Extend an Application Security Program to AI/ML Applications
While various AI/ML application risks are like traditional application security risks and can be protected using the same tools and platforms, runtime security for the new models requires new methods of securing ...
JFrog Survey Surfaces Limited DevSecOps Gains
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet ...
Checkmarx Extends DevSecOps Reach to Repository Security and Secrets Discovery
Checkmarx this week extended the scope of its ability to protect software supply chains with tools that assess how secure a repository is and find where application secrets have been shared in ...
Survey Surfaces Software Supply Chain Security Gains
A survey of 106 leaders and practitioners involved in software supply chain security finds more than three-quarters of respondents (76%) work for organizations that have made software supply chain security a significant ...

