Broadcom today released a raft of updates to the open source Spring framework for building Java applications to primarily address a wave of vulnerabilities discovered by researchers using artificial intelligence (AI) tools. At the same time, Broadcom is also adding a managed service through which organizations can secure thousands of Spring dependencies for organizations building […]
Secure Code Warrior Leverages AI to Extend DevSecOps Training Reach
Secure Code Warrior this week extended the capability of its artificial intelligence (AI) agent to make it possible to surface relevant training insights in real time as application developers are writing code. Announced at the Gartner Security & Risk Management Summit, the Adaptive Learning capability added to the company’s learning platform detects which AI tools […]
JFrog Report Surfaces Need for Rapid DevSecOps Change in AI Era
A report published by JFrog finds that cybercriminals are now increasingly targeting the artificial intelligence (AI) tools and platforms used by application development teams. Based on an analysis of 18.2 billion artifacts managed via the JFrog Platform, security researchers discovered 969 AI agent skills carrying high-impact payloads in addition to 495 malicious AI models on […]
Why DORA Metrics Look Different When AI Is Part of Your Development Workflow
DORA metrics have been a reliable compass for engineering teams for over a decade. Deployment frequency, lead time for changes, change failure rate, mean time to recovery, and reliability give teams a shared language for talking about delivery performance. The research behind them is solid, the benchmarks are well-established, and most engineering leaders know what […]
The “Day 2” AI Problem: Why Standard API Gateways Fail at GenAI Scale
Injecting GenAI into applications is deceptively easy. Need a new chatbot backed by an LLM? Grab an OpenAI API key and you can throw together an MVP in an afternoon. This is the pattern teams have used to push AI features into apps for the last few years. The problem, as with previous tech hype […]
Your CI/CD Pipeline Has Non-Human Identities You Forgot About
A deployment starts failing late on a Friday evening. The initial assumption is that something changed in the application release. Teams start checking container images, Terraform plans and recent commits. Nothing looks wrong. A few hours later, someone discovers the actual issue: a deployment token tied to an old automation workflow expired months ago. The […]
Continuous Security in DevSecOps: Moving Beyond One-Time Testing
Waiting for a single annual pentest to secure your application is like locking your front door only once a year and hoping for the best. In an era where 133 new vulnerabilities are reported every single day, relying on periodic snapshots leaves your organization exposed to evolving threats for months at a time. This approach is no longer just […]
Beyond the Build: Integrating Security into CI/CD Pipelines
In today’s fast-paced software development landscape, Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for delivering applications efficiently. However, the speed and automation they offer can inadvertently introduce security vulnerabilities if not properly managed. Integrating security into CI/CD pipelines, often referred to as DevSecOps, is no longer optional; it’s a necessity. The Importance of […]
The Trust Problem With AI Agents in Production Pipelines
AI agents boost DevOps pipelines, but confident failures create risk. Here’s how to design for calibrated trust and human oversight.
From Code to Cloud: How Full-Stack Developers are Taking Over DevOps
Full-stack developers are taking on DevOps, using CI/CD, Docker and Terraform to own the software lifecycle from code to cloud.
- 1
- 2
- 3
- …
- 8
- Next Page »










