Devsecops | News, how-tos, features, reviews, and videos

Rezilion expands SBOM to support Windows environments

Organizations can now apply Rezilion’s SBOM to Windows environments to manage software vulnerabilities and meet regulatory standards.

Qualys previews TotalCloud FlexScan for multicloud security management

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

GitGuardian adds IaC scanning to code security platform to protect SDLC

Vendor says new infrastructure-as-code (IaC) scanning features will help teams develop and run secure code as software development and supply chain security continue to be high on the agenda.

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

Palo Alto adds software composition analysis to Prisma Cloud to boost open-source security

Palo Alto Networks has added a new SCA solution to Prisma Cloud to help developers safely use open-source software components. The vendor has also introduced a software bill of materials.

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide, which focuses on security practices across the software development lifecycle.

8 notable open-source security initiatives of 2022

Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies.

Traceable AI debuts API testing product for its security platform

API testing tool xAST is now folded into Traceable’s existing suite of API analysis and visibility capabilities.

Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

VEX adds context to software vulnerabilities to better inform risk assessment decisions.

SBOM formats SPDX and CycloneDX compared

Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.
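
The two pieces above (VEX adding context to SBOM findings, and the SPDX versus CycloneDX choice) are easier to see with a small worked example. The following Python is an added illustration, not code from either article or from any vendor's product. It normalises a minimal CycloneDX and a minimal SPDX document into one component list keyed by purl, matches the components against a constructed advisory feed, and then applies OpenVEX statements so that only the findings still needing action remain. Both SBOM fragments, the advisory feed and the VEX document are constructed inline; `libexample` and the advisory id `EXAMPLE-0001` are hypothetical placeholders, while CVE-2021-44228 is a real advisory that does affect log4j-core 2.14.1.

```python
"""Added example: fold SPDX and CycloneDX SBOMs into one inventory, then
let OpenVEX statements decide which vulnerability matches are actionable."""
import json

# Constructed CycloneDX 1.4 fragment (not a real inventory).
CYCLONEDX_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        # Hypothetical package used only for this example.
        {"type": "library", "name": "libexample", "version": "1.0.0",
         "purl": "pkg:generic/libexample@1.0.0"},
    ],
})

# Constructed SPDX 2.3 fragment; SPDX carries the purl as an external reference.
SPDX_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "log4j-core", "versionInfo": "2.14.1",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]},
    ],
})

# Constructed advisory feed keyed by purl. CVE-2021-44228 really affects
# log4j-core 2.14.1; EXAMPLE-0001 is a hypothetical id for the hypothetical package.
ADVISORY_FEED = {
    "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1": ["CVE-2021-44228"],
    "pkg:generic/libexample@1.0.0": ["EXAMPLE-0001"],
}

# Constructed OpenVEX document, as a product vendor might publish alongside the SBOM.
OPENVEX = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "statements": [
        {"vulnerability": {"name": "EXAMPLE-0001"},
         "products": [{"@id": "pkg:generic/libexample@1.0.0"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-2021-44228"},
         "products": [{"@id": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}],
         "status": "affected",
         "action_statement": "Upgrade log4j-core to a fixed release."},
    ],
}


def components_from_cyclonedx(doc):
    """purl -> (name, version) for every CycloneDX component that carries a purl."""
    return {c["purl"]: (c["name"], c.get("version", ""))
            for c in doc.get("components", []) if "purl" in c}


def components_from_spdx(doc):
    """purl -> (name, version); SPDX stores the purl in externalRefs."""
    out = {}
    for pkg in doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                out[ref["referenceLocator"]] = (pkg["name"], pkg.get("versionInfo", ""))
    return out


def load_components(sbom_text):
    """Detect the SBOM format from its top-level marker and normalise it."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") == "CycloneDX":
        return components_from_cyclonedx(doc)
    if "spdxVersion" in doc:
        return components_from_spdx(doc)
    raise ValueError("unrecognised SBOM format")


def match_advisories(components, feed):
    """Every (purl, advisory) pair starts as under_investigation until VEX says otherwise."""
    return [{"purl": purl, "id": adv, "status": "under_investigation"}
            for purl in sorted(components) for adv in feed.get(purl, [])]


def apply_vex(findings, vex_doc):
    """Overlay OpenVEX status/justification keyed on (vulnerability, product purl)."""
    index = {(st["vulnerability"]["name"], product["@id"]): st
             for st in vex_doc.get("statements", []) for product in st.get("products", [])}
    for f in findings:
        st = index.get((f["id"], f["purl"]))
        if st is not None:
            f["status"] = st["status"]
            f["justification"] = st.get("justification")
            f["action"] = st.get("action_statement")
    return findings


def actionable(findings):
    """Only affected or still-unassessed findings should reach a ticket queue."""
    return [f for f in findings if f["status"] in ("affected", "under_investigation")]


def triage(sbom_text, feed=ADVISORY_FEED, vex_doc=OPENVEX):
    findings = apply_vex(match_advisories(load_components(sbom_text), feed), vex_doc)
    return findings, actionable(findings)


if __name__ == "__main__":
    for label, sbom in (("CycloneDX", CYCLONEDX_SBOM), ("SPDX", SPDX_SBOM)):
        findings, todo = triage(sbom)
        print(label, "matches:", len(findings), "actionable:", [f["id"] for f in todo])
```

The point of the example is the last step: the same advisory feed yields two matches from the CycloneDX document, but once the VEX overlay marks the hypothetical package as `not_affected` only the log4j finding is left to act on, and a finding with no VEX statement at all stays `under_investigation` rather than silently disappearing. Both SBOM readers feed the same `triage` path, which is why tooling that supports either format can share the rest of the pipeline.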

How OpenSSF Scorecards can help to evaluate open-source software risks

Scorecards automatically generates a score for open-source projects by running automated checks of their security practices, including how they handle known vulnerabilities and dependencies.

Traceable AI adds eBPF to security platform for deeper API observability and visibility

API security firm says eBPF will be used to map customers' API attack surface, addressing key API security challenges.

GitGuardian launches ggcanary project to help detect open-source software risks

GitGuardian says its new open-source canary tokens project helps businesses detect breaches as they unfold.

8 top SBOM tools to consider

These commercial and open-source tools will scan code and create software bills of materials automatically.
