#devsecops

[ follow ]
cybersecurity
New Relic
1 day ago
Information security

Rethinking vulnerability prioritization

A weighted prioritization system considers key elements for an objective measure, aiding laser-focused resource allocation and proactive defense, while promoting adaptive security. [ more ]
DevOps.com
3 hours ago
Artificial intelligence

Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability - DevOps.com

Sumo Logic introduces copilot with AI for easier observability platform usage. [ more ]
DevOps.com
2 weeks ago
Artificial intelligence

The Role of AI in Securing Software and Data Supply Chains - DevOps.com

Open source software supply-chain attacks are increasing, impacting businesses and necessitating new security strategies like AI integration. [ more ]
DevOps.com
2 months ago
Artificial intelligence

AISecOps: Expanding DevSecOps to Secure AI and ML - DevOps.com

AI and ML integration faces increasing cybersecurity threats, particularly targeting code repositories.
Data poisoning poses a significant risk to AI models by manipulating behavior through malicious code and data insertion. [ more ]
DevOps.com
2 months ago
Information security

Survey Sees Limited DevSecOps Progress Being Made as Vulnerabilities Mount - DevOps.com

Over a third of code contains vulnerabilities, with an average of 55.5 security vulnerabilities each day per organization.
Organizations address only a fraction of vulnerabilities monthly due to limited resources and lengthy remediation phases. [ more ]
DevOps.com
3 months ago
Information security

Graylog Makes Free API Security Tool Available to Developers - DevOps.com

Graylog has released a free version of its API security platform to encourage developers to adopt best practices in securing their APIs.
The free version has all the capabilities of the paid version but is limited to 16GB of local rolling storage on a single node with a one-year renewable license.
The platform includes capabilities such as API classification, discovery, risk scoring, continuous monitoring, and the ability to capture API request and response payloads. [ more ]
morecybersecurity
devops
DevOps.com
2 days ago
DevOps

What OpenTofu 1.7 Means for DevSecOps - DevOps.com

OpenTofu 1.7.0 introduces end-to-end state encryption for enhanced security in DevOps and DevSecOps operations. [ more ]
DevOps.com
2 months ago
Software development

Forget Shift Left: Why 'No Shift' is the Future of Software Innovation - DevOps.com

Shift Left emphasizes early testing and security integration.
No Shift strategy advocates for development and testing directly in production, leveraging advanced technologies. [ more ]
DevOps.com
2 months ago
Privacy professionals

Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com

The security of software supply chains and CI/CD pipelines is crucial in modern software delivery processes.
Identifying and rectifying CI/CD security anti-patterns is vital to protect against potential breaches and attacks. [ more ]
DevOps.com
2 months ago
Information security

Why DevOps is Key to Software Supply Chain Security - DevOps.com

DevOps emphasizes rapid, high-quality service delivery.
DevSecOps integrates security into the software delivery process to combat supply chain attacks. [ more ]
Amazic
3 months ago
DevOps

What's more to explore besides DevOps? - Amazic

DevOps initiatives are essential for IT organizations, with most organizations recognizing its importance in software development.
DevSecOps is a popular variant of DevOps, focusing on integrating security practices throughout the software development lifecycle. [ more ]
moredevops
vulnerabilities
DevOps.com
3 weeks ago
DevOps

Datadog DevSecOps Report Shines Spotlight on Java Security Issues - DevOps.com

90% of Java services have critical vulnerabilities from third-party libraries, 63% from indirect dependencies, impacting app security and requiring continuous improvement in DevSecOps. [ more ]
DevOps.com
3 months ago
Information security

OX Security Optimizes DevSecOps to Improve Application Security - DevOps.com

OX Security's ASPM platform helps DevSecOps teams identify potentially exploitable code in production environments.
The platform reduces the number of alerts generated by 99%, allowing teams to focus on actual risks and prioritize their resources. [ more ]
DevOps.com
3 months ago
Software development

Mobb Extends DevSecOps Reach of Tool to Generate Patches - DevOps.com

Mobb now provides instant patches for vulnerabilities during a DevSecOps workflow.
The Mobb platform combines AI and security research to automatically create patches for vulnerabilities. [ more ]
morevulnerabilities
DevOps.com
3 months ago
Artificial intelligence

Diffblue Integrates Generative AI-Based Testing Platform With GitLab - DevOps.com

Diffblue has integrated its automated unit testing platform for Java with GitLab's DevSecOps platform to streamline regression testing and improve application quality and security.
Diffblue's AI-based platform can update tests 250 times faster than manual testing, reducing friction and bottlenecks in DevSecOps teams. [ more ]
DevSecOps
DevOps.com
5 months ago
Information security

Vulnerability Management for DevOps Teams: A Practical Guide - DevOps.com

Vulnerability management is a continuous process of identifying, prioritizing, and resolving security vulnerabilities in software systems.
It is important for DevOps teams to incorporate vulnerability management into their practices to ensure the security of their software throughout the development lifecycle. [ more ]
DevOps.com
5 months ago
Information security

Vulnerability Management for DevOps Teams: A Practical Guide - DevOps.com

Vulnerability management is a continuous process of identifying, prioritizing, and resolving security vulnerabilities in software systems.
It is important for DevOps teams to incorporate vulnerability management into their practices to ensure the security of their software throughout the development lifecycle. [ more ]
DevOps.com
5 months ago
Information security

Vulnerability Management for DevOps Teams: A Practical Guide - DevOps.com

Vulnerability management is a continuous process of identifying, prioritizing, and resolving security vulnerabilities in software systems.
It is important for DevOps teams to incorporate vulnerability management into their practices to ensure the security of their software throughout the development lifecycle. [ more ]
DevOps.com
5 months ago
DevOps

Is SASE the DevSecOps of Infrastructure Management? - DevOps.com

DevSecOps integrates security into the entire software development lifecycle.
SASE provides a cloud-native framework for secure connectivity across edge locations. [ more ]
DevOps.com
5 months ago
Software development

Veracode Extends DAST Reach Left Toward Developers - DevOps.com

Veracode has launched an automated dynamic application security testing (DAST) tool called DAST Essentials that can be embedded within an integrated development environment.
Veracode has also released a Veracode GitHub App that allows developers to configure DAST tools to automatically scan code whenever it is added to a repository.
The goal is to automate code scanning and remediation throughout the software development lifecycle, with plans to extend DAST tool integration into additional software repositories and scan code after deployment in the future. [ more ]
DevOps.com
5 months ago
Software development

Veracode Extends DAST Reach Left Toward Developers - DevOps.com

Veracode has launched an automated dynamic application security testing (DAST) tool called DAST Essentials that can be embedded within an integrated development environment.
Veracode has also released a Veracode GitHub App that allows developers to configure DAST tools to automatically scan code whenever it is added to a repository.
The goal is to automate code scanning and remediation throughout the software development lifecycle, with plans to extend DAST tool integration into additional software repositories and scan code after deployment in the future. [ more ]
moreDevSecOps
Sitepoint
1 week ago
Artificial intelligence

Enhancing DevSecOps Workflows with Generative AI

Generative AI in DevSecOps streamlines workflows, enhances quality and security, emphasizing integration across the development process. [ more ]
DevOps.com
2 months ago
Artificial intelligence

JFrog Extends MLOps Integration Efforts via Qwak Alliance - DevOps.com

JFrog integrates with Qwak for DevSecOps collaboration
MLOps platforms streamline AI model building [ more ]
DevOps.com
2 months ago
Artificial intelligence

Cycode Brings Generative AI to App Security Posture Management - DevOps.com

Cycode adds generative AI to ASPM platform for root cause analysis
New features include plugins for IDEs and connectors to security tools [ more ]
DevOps.com
3 months ago
Artificial intelligence

OpenText Extends Tool for Auditing Source Code Using Machine Learning - DevOps.com

OpenText has updated its Fortify Audit tool with machine learning algorithms to provide deeper insights into on-premises IT environments.
The latest version of Fortify Audit Assistant can detect drift in a model and automatically refresh it, and now supports more than 30 language-specific models. [ more ]
Amazic
5 months ago
Artificial intelligence

GitLab Continues AI Momentum with Enhanced AI-Powered DevSecOps Workflows - Amazic

GitLab announces updates to GitLab Duo, including the beta of GitLab Duo Chat and the general availability of GitLab Duo Code Suggestions.
GitLab Duo Chat provides users with real-time guidance and suggestions for analyzing code, troubleshooting, and more.
GitLab Duo reduces toolchain sprawl, leading to faster cycle times and improved developer productivity. [ more ]
InfoQ
3 weeks ago
DevOps

Application Security Optimised for Engineering Productivity

Effective security ownership is promoted by understanding developers' experiences with security processes and tooling. [ more ]
New Relic
1 month ago
DevOps

New Relic Named Cloud Observability Leader in GigaOm 2024

New Relic named a Leader in GigaOm Radar for Cloud Observability for the third consecutive year.
New Relic showcases non-stop innovation with 80+ enhancements and unique usage-based pricing model. [ more ]
The New Stack
2 months ago
DevOps

Will Generative AI Kill DevSecOps?

GenAI is not displacing DevSecOps, but it is challenging them to keep up with the speed of code development. [ more ]
InfoWorld
4 months ago
DevOps

3 ways to reduce stress on the DevSecOps team

94% of CISOs suffer from work-related stress
81% of workers reported workplace stress affecting their mental health in 2022 [ more ]
DevOps.com
5 months ago
DevOps

Vulnerability Management for DevOps Teams: A Practical Guide - DevOps.com

Vulnerability management is a continuous process of identifying, prioritizing, and resolving security vulnerabilities in software systems.
It is important for DevOps teams to incorporate vulnerability management into their practices to ensure the security of their software throughout the development lifecycle. [ more ]
DevOps.com
5 months ago
DevOps

Veracode Extends DAST Reach Left Toward Developers - DevOps.com

Veracode has launched an automated dynamic application security testing (DAST) tool called DAST Essentials that can be embedded within an integrated development environment.
Veracode has also released a Veracode GitHub App that allows developers to configure DAST tools to automatically scan code whenever it is added to a repository.
The goal is to automate code scanning and remediation throughout the software development lifecycle, with plans to extend DAST tool integration into additional software repositories and scan code after deployment in the future. [ more ]
DevOps.com
1 month ago
Software development

From Chaos to Clarity: Streamlining DevSecOps in the Digital Era - DevOps.com

The mix of security tools in DevSecOps can create discord due to redundant alerts and lack of context.
Prioritizing vulnerability backlog based on impact is crucial for improving security posture. [ more ]
DevOps.com
2 months ago
Software development

GitGuardian Allies With CyberArk to Better Protect App Secrets - DevOps.com

GitGuardian has partnered with CyberArk to streamline secrets detection and management by integrating their platforms.
CyberArk Conjur Cloud is now integrated with HasMySecretLeaked to cross-reference secrets against a private database of exposed secrets. [ more ]
DevOps.com
5 months ago
Software development

Vulnerability Management for DevOps Teams: A Practical Guide - DevOps.com

Vulnerability management is a continuous process of identifying, prioritizing, and resolving security vulnerabilities in software systems.
It is important for DevOps teams to incorporate vulnerability management into their practices to ensure the security of their software throughout the development lifecycle. [ more ]
DevOps.com
3 months ago
Privacy professionals

5 Security Threats DevOps Teams Should Know - DevOps.com

DevOps security involves integrating security practices into the DevOps process.
DevOps security requires a cultural shift and the integration of security into every aspect of development and operations processes. [ more ]
DevOps.com
5 months ago
DevOps

EP 40: DevOps Building Blocks Part 3 - Making the "Sec" in DevSecOps Happen - DevOps.com

Security should be a top priority from the start to prevent breaches and losses.
DevSecOps integrates security early in the SDLC to address risks promptly. [ more ]
[ Load more ]