Application Security

Application Security | News, how-tos, features, reviews, and videos

A rubber duck sits on a target's bullseye  >  sitting duck / easy target / victim targeting
ship wheel captain leadership

red eyed tree frog

JFrog adds ML model management to devsecops platform

JFrog unveiled a number of new platform capabilities including static application security testing and anti-tampering and compliance checks for software releases.

The shadow of hand unsettlingly hovers over a keyboard.

How to get a handle on shadow AI

By allowing the use of AI tools proven to be safe, but requiring them to be used within explicit guidelines, you can alleviate both employee frustration and organizational risk.

shutterstock 77260183 rusty old woodworking tools on the wall of an old workshop

The lost art of cloud application engineering

AI-driven coding is now in wide use, but we may not know all the risks of using it until the damage has been done. Think security problems and code that wastes resources.

virtual puzzle cube / problem-solving / solution / strategy

A new hope for software security

From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together.

shutterstock 1127162939 traffic light  red yellow green code 1200x800

JFrog Curation blocks malicious open source software packages

DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.

shutterstock 740169646 red light red traffic light against a black background

Golang vulnerability checker flags Go vulnerabilities

Govulncheck is a command-line utility that uses the Go vulnerability database to identify known vulnerabilities in Go source code and Go binaries.

gears iot

GitLab Dedicated offers single-tenant, SaaS-based devsecops

Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking.

DevOps DevSecOps Security Pipeline

7 key features for Kubernetes and container security

Uptycs combines threat detection for Kubernetes and container runtimes, along with automated registry scanning and Kubernetes hardening checks. Here are the highlights.

endless labyrinth 161827306

AppMap: A map to reduce developer toil

Open-source AppMap brings runtime code analysis into the developer’s code editor, providing the feedback needed to address performance and security issues during development and reduce code rework.

shutterstock 175644863 scattered clutter of nuts bolts wrenches tools in black and white

How to reduce your devops tool sprawl

After a decade of software development and operations teams embracing every ‘right tool for the job,’ it’s time to start tool consolidation efforts. Here’s where to start.

Tree roots

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPi, verifying the integrity of more than a million open source packages.

Person holding phone near a laptop while getting two-factor authentication info

A practical guide to React Native authentication

Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your user’s privacy, but also improves the user experience.

programmer devops certification skills code data scientist student by fatos bytyqi unsplash

Google launches dependency API and curated package repository with security metadata

With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.

programming / coding elements / lines of code / development / developers / teamwork

Snyk bolsters developer security with fresh devsecop, cloud capabilities

Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.

programming / coding elements / lines of code / development / developers / teamwork

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

cybersecurity  >  information security / data protection / lock / shield / layers of integration

Cybersecurity startup Oligo debuts with new application security tech

An Israeli startup targets open source code vulnerabilities with advanced agentless filtering technology.

shutterstock 324149159 cloud computing building blocks abstract sky with polygons and cumulus clouds

How multicloud changes devops

More clouds, more complexity, more challenges. Now’s the time to prepare for the impact multicloud will have on your devops teams.

A magnifying lens exposes an exploit amid binary code.

C++ creator Bjarne Stroustrup defends its safety

US National Security Agency recommends using memory safe programming languages instead of C/C++ when possible, because hackers frequently exploit memory issues.

Load More