DevSecOps
Second Coming of Shai-Hulud Cyberattack Ravages JavaScript Repositories
A major expansion of the self-propagating Shai-Hulud cyberattack aimed at popular node package managers (npms) used by JavaScript application developers is creating a major headache for DevSecOps teams around the globe. Based ...
Patch Management is Essential for Securing DevOps
Alexander Williams | | automated patching, automated rollbacks, canary deployments, CI gating, CI/CD pipelines, cloud-native security, continuous delivery security, CVE scanning, devops best practices, devops security, devsecops, feature flags, mean time to patch (MTTP), observability in devops, patch automation tools, patch management, runtime mitigation, SBoM, security automation, software bill of materials, software vulnerabilities, supply chain security, vulnerability discovery, vulnerability management, zero-day defense, zero-day exploitsZero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
Minimus Adds VEX Support to Managed Hardened Images Service
Minimus has extended its managed service for providing application developers with hardened images to include support for the Vulnerability Exploittability eXchange (VEX) format used to share data across multiple application security tools ...
ControlMonkey Adds Dashboard to Manage IaC Risk
ControlMonkey today added a risk index dashboard to its automation platform for managing code created using infrastructure as code (IaC) tools based on open-source Terraform software ...
Veracode Allies with Wiz to Bring More Context to DevSecOps Workflows
Veracode today revealed an alliance through which it will integrate its application security posture management (ASPM) platform with the cloud native application protection platform from Wiz ...
GitLab Extends Scope and Reach of Core CI/CD Platform
GitLab Inc. has updated its core continuous integration/continuous delivery (CI/CD) platform to natively provide more artificial intelligence (AI) capabilities, along with built-in software artifact management capabilities and more robust security tools ...
Minimus Unfurls Service for Accessing Secure Software Artifacts
Minimus today at the 2025 RSA Conference launched a managed service through which it ensures application development teams are provided access to a secure set of minimal container images and virtual machines ...
Harness Merges with Traceable to Provide Integrated DevSecOps Platform
Harness today announced that Traceable will be merged into the company to create a combined company that will further advance the adoption of best DevSecOps practices across the software development lifecycle (SDLC) ...
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts ...
CrowdStrike Software Update Sparks Microsoft Outage, Global Chaos
Airlines, hospitals, banks and other businesses were disrupted when a faulty software update knocked Windows users of their systems ...
An Overview of Continuous Security Testing Processes for DevSecOps
Just getting started with DevSecOps and need a primer for the tools and processes to employ? This should help ...
Lineaje Adds Module to Manage Open Source Software Security Lifecycle
This can help DevSecOps teams identify open source software projects that are not being well maintained ...
