Today’s business world operates in a state of constant change. What the customer wants to buy changes quickly, new competitors appear overnight, and cyber threats are changing faster than ever. In this world, the concept of “resilience,” the ability to adapt, to overcome, and to continue to create value for the enterprise despite the changes, […]
How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe
Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by malicious supply chain injections. High-profile incidents like Log4j and the sabotage of colors.js highlight that traditional scanning often fails to detect sophisticated “protestware” or dependency confusion, necessitating 19 practical controls focused on strict intake governance, dependency pinning, and behavioral monitoring to secure the development lifecycle.
Claude Code Security Finds the Bugs That Static Analysis Can’t — and Wall Street Noticed
Claude Code Security scans code like a human researcher, not a rule engine. Anthropic found 500+ decade-old bugs — and cybersecurity stocks felt it.
White Paper: The Future of DevSecOps in a Fully Autonomous CI/CD Pipeline
Abstract: The growing complexity of modern software development and the increasing speed at which organizations need to deliver software have led to the widespread adoption of DevOps practices, particularly continuous integration/continuous deployment (CI/CD) pipelines. These pipelines enable rapid development and deployment cycles; however, they also introduce significant security risks that must be addressed continuously. The […]
How Benchmarking Can Help Software Development Teams Achieve CISA’s “Secure by Design”
In April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) launched its Secure by Design initiative, directing technology companies to ‘prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature’.
The Software Extinction Event That Wasn’t
The world may have just avoided a cybersecurity disaster, with potential impact of CrowdStrike x1000. Imagine if the world’s most pervasive programming language, used in the majority of organizations, services, websites and infrastructure today, was itself made to be malicious? Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker […]
Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability
Sumo Logic this week at the RSA Conference previewed a copilot that leverages generative artificial intelligence (AI) to make it simpler for IT and cybersecurity professionals of varying levels of experience to derive benefits from its observability platform via a user interface (UI) the company is in the process of revamping. In addition, Sumo Logic […]
Securing the DevOps Pipeline: Tools and Best Practices
Because of the critical nature of the DevOps pipeline, security is becoming a top priority. Here’s how to integrate DevSecOps.
5 Security Threats DevOps Teams Should Know
DevOps security (DevSecOps) is about breaking down silos and promoting open collaboration across teams.
Software Deployment Security: Risks and Best Practices
In an era where software is at the heart of every business, deploying applications securely and efficiently has never been more critical.









