Devsecops | News, how-tos, features, reviews, and videos

How the Secure Software Factory Reference Architecture protects the software supply chain

This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.

Software supply chain security fixes gain prominence at RSA

Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.

Sigstore explained: How it helps secure the software supply chain

The free sigstore signing service helps developers establish provenance and integrity of open-source software.

The Open Source Software Security Mobilization Plan: Takeaways for security leaders

The plan from the Linux Foundation and OpenSSF presents three goals to improve open-source software security during development and more effectively address vulnerabilities.

New Mend service auto-detects and fixes code, app security issues

Mend, formerly WhiteSource, announces new service designed to detect and fix code security issues, reduce the software attack surface and application security burden.

Google to launch repository service with security-tested versions of open-source software packages

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.

Rezilion launches Dynamic SBOM for software supply chain devsecops

Rezilion’s new Dynamic SBOM (software bill of materials) works with its devsecops platform and is designed to help security teams understand how software components are being executed in runtime.

Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets

The software provider has also enhanced its underlying security and compliance mechanism, Chef InSpec, with new features.

7 top software supply chain security tools

These tools will help identify vulnerabilities and threats posed by third-party code through software composition analysis and SBOM creation.

New attack surface management product takes full-stack aim at software supply chain threats

Data Theorem's Supply Chain Secure offers continuous runtime analysis and dynamic inventory discovery.

Managing container vulnerability risks: Tools and best practices

The sooner you can identify vulnerabilities in containers, the better, and this advice on practices and tools can help.

Fuzzing tool company launches initiative to secure open-source software

ForAllSecure offers to pay developers to use its software to eliminate exploits in their code.

Spring4Shell patching is going slow but risk not comparable to Log4Shell

More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.

Keeping secrets in a devsecops cloud-native world

Good secrets management practices can help identify and mitigate the risk to credentials, access keys, certificates and other sensitive data.

IriusRisk launches Open Threat Model standard to secure software development lifecycle

The OTM standard, published under a Creative Commons license, aims to generate greater connectivity and interoperability between threat modeling and the software development lifecycle.

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer's attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt on software supply chain integrity.

Codenotary adds vulnerability scanning to its repertoire

With the new addition, the company's cloud solution boasts end-to-end protection of the software supply chain.

Deepfence revamps ThreatMapper with new scanner, runtime SBOMs

The latest version of open-source ThreatMapper includes a secret scanner to observe and report sensitive information left inadvertently in production environments, and the ability to generate runtime SBOMs to map and observe key...
