The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories.
Bridging the Dev and SecOps Gap: How Intelligent Continuous Security Enables True End-to-End Security
Intelligent Continuous Security™ (ICS) is the next evolution — harnessing AI-driven automation, real-time threat detection and continuous compliance enforcement to eliminate these inefficiencies. ICS extends beyond DevSecOps to also close security gaps with SecOps, ensuring end-to-end continuous security across the entire software lifecycle.
Sonar Combines SAST and SCA Tools in Single Offer
Sonar today revealed it will at the end of May add an offering that combines its Static Application Security Testing (SAST) tool with the software composition analysis (SCA) tools it gained with the acquisition of Tidelift late last year.
DeepSource Open Sources Globstar Alternative to Semgrep to Analyze Code
DeepSource has made available an open source static code analysis tool, dubbed Globstar, that DevSecOps teams can employ to embed code checkers in their pipelines.
Legit Security Extends ASPM Platform to Provide More Vulnerability Context
Legit Security this week added an ability to determine the level of risk a vulnerability actually represents to its application security posture management (ASPM) platform.
Teleport Unifies Infrastructure and Application Workload Security
Teleport today added an offering that makes it simpler to declaratively secure IT infrastructure and workloads using short-lived X.509 certificates.
Why Has DevSecOps Failed?
DevSecOps is failing because we underestimated the complexity of cultural transformation and the importance of human-centered tools.
North Korea’s Lazarus Group Targets Developers, Supply Chain
North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets and spreading it via a legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech Mayhem, is an example of a threat group using open-source code repositories like GitHub, npm, and Python Package Index (PyPI) in software supply […]
Open Source Software Security Concerns with Spike Curtis
Spike Curtis, principal engineer for Coder Technologies, dives into why open source software security concerns are valid, and why the only viable option is to invest more in securing software supply chains to mitigate potential threats. While open source benefits from community oversight, organizations must vet the projects they rely on to avoid security gaps. […]
How to Prove That Your Security-Aware Developers are a Cut Above the Rest
Security-aware developers are the best first line of defense an organization can have when it comes to software security.








