Devsecops

Devsecops | News, how-tos, features, reviews, and videos

ship wheel captain leadership
red eyed tree frog

shutterstock 1127162939 traffic light  red yellow green code 1200x800

JFrog Curation blocks malicious open source software packages

DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.

gears iot

GitLab Dedicated offers single-tenant, SaaS-based devsecops

Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking.

Tree roots

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPi, verifying the integrity of more than a million open source packages.

programmer devops certification skills code data scientist student by fatos bytyqi unsplash

Google launches dependency API and curated package repository with security metadata

With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.

programming / coding elements / lines of code / development / developers / teamwork

Snyk bolsters developer security with fresh devsecop, cloud capabilities

Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.

programming / coding elements / lines of code / development / developers / teamwork

Splunk adds new security and observability features

New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.

shutterstock 324149159 cloud computing building blocks abstract sky with polygons and cumulus clouds

How multicloud changes devops

More clouds, more complexity, more challenges. Now’s the time to prepare for the impact multicloud will have on your devops teams.

DevOps DevSecOps Security Pipeline

What is DevSecOps? Securing devops pipelines

DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.

cloud computing / cloud network

Qualys previews TotalCloud FlexScan for multicloud security management

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

A network of connected virtual container blocks.

Most reported CVEs for Docker Hub images are harmless

JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.

teamwork / developers / programmers / collaboration / conversation, discussion, gesturing

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

broken chain metal link breach security

Security is hard and won’t get much easier

Software systems are complex, and development teams have conflicting goals. Oh, and people are imperfect.

nw speedometer speed measuring by geralt via pixabay linda perez johannessen via unsplash 2400x1600

7 devops practices to improve application performance

Devops is tough, but the choice between faster development and improving reliability shouldn't be. Consider shifting-left security, better observability, AIops platforms, and more.

conveyor production continuity distribution shipping

Are you ready to automate continuous deployment in CI/CD?

Making the leap from continuous delivery to continuous deployment requires the right skills, practices, and tools. Use this five-point checklist to prepare for launch.

apple augmented reality2

Only DevSecOps can save the metaverse

The vast metaverse will also be vast in terms of code, accelerating the demand for supply chain security, automated scanning and testing, and continuous updates.

programmer certification skills code devops glasses student by kevin unsplash

Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets

The software provider has also enhanced its underlying security and compliance mechanism Chef InSpec with new features.

integrated network

3 reasons devops must integrate agile and ITSM tools

Automation and integration are key for companies hoping to modernize dev, ops, and security workflows.

Load More