Devsecops

Devsecops | News, how-tos, features, reviews, and videos

The state of API security in 2023

Understanding the landscape of interactions, behaviors, and potential threat vectors is the next frontier of API security. However, four in 10 companies still can’t discover all of the APIs they’re using.

CloudBees readies cloud-native devsecops platform

CloudBees platform built on Tekton boasts feature flagging, value stream management, CI/CD pipeline orchestration, and GitHub Actions-like workflow automation.

What ChatGPT doesn’t say about Kubernetes in production

Generative AI is already proving helpful across many relatively basic use cases, but how does it hold up when tasked with more technical guidance?

JFrog adds ML model management to devsecops platform

JFrog unveiled a number of new platform capabilities including static application security testing and anti-tampering and compliance checks for software releases.

JFrog Curation blocks malicious open source software packages

DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.

GitLab Dedicated offers single-tenant, SaaS-based devsecops

Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking.

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPI, verifying the integrity of more than a million open source packages.

Google launches dependency API and curated package repository with security metadata

With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.

Snyk bolsters developer security with fresh devsecops, cloud capabilities

Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

How multicloud changes devops

More clouds, more complexity, more challenges. Now’s the time to prepare for the impact multicloud will have on your devops teams.

What is DevSecOps? Securing devops pipelines

DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.

Qualys previews TotalCloud FlexScan for multicloud security management

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

Most reported CVEs for Docker Hub images are harmless

JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

Security is hard and won’t get much easier

Software systems are complex, and development teams have conflicting goals. Oh, and people are imperfect.

7 devops practices to improve application performance

Devops is tough, but the choice between faster development and improving reliability shouldn't be. Consider shifting-left security, better observability, AIops platforms, and more.
