AI coding agents are reshaping software development—but they’re also expanding the attack surface. Researchers uncovered a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could have enabled prompt injection attacks to expose CI/CD secrets, API keys, and credentials. As AI agents gain autonomy in development workflows, organizations must treat untrusted inputs as hostile and rethink CI/CD security models. Natural language is becoming executable code—and attackers know it.
Best Practices for a Secure Software Development Project
The beginning of any new software development project can be daunting, as there are many decisions that need to be made and considerations that must be thought through. Often this includes defining project requirements, selecting the right processes, choosing the right tools and ensuring software security. In this webinar, we will walk you through the […]
Guide for Software Development & Software Security
In order to ensure an efficient, secure and successful software development project, there are many factors that you and your team must consider when starting a new project. The most common and pertinent considerations for many include defining the requirements of the project, selecting the correct processes for each stage of the software development project, […]
DevSecOps for Security and Safety-Critical Software Development
One of the most effective software development practices for safety-critical software is DevSecOps. Put simply, DevSecOps automates development and security processes to ensure the security and reliability of software. Here, we explain what you need to know about DevSecOps. What You Need to Know About DevSecOps Automation DevSecOps is a software development practice that automates […]
Klocwork Is the Ideal Static Analysis Tool for DevOps
Klocwork identifies software security, quality and reliability issues for C, C++, C# and Java helps to enforce compliance with standards. Its in-depth, accurate and precise analysis results have earned Klocwork the trust of industry leaders across a variety of industries. However, Klocwork is more than just a static code analysis tool; it’s also a static […]
Continuous Integration Overview
To improve the efficiency of your software development workflow, you should use continuous integration. We’ll explain what continuous integration is, why it’s important and how it can help you. Continuous Integration in DevOps Continuous integration is the automation of building and testing code each time a change is made in the codebase, and then committing […]
What Is a CI/CD Pipeline? How to Improve CI/CD
The most effective way to ensure that your CI/CD pipeline is efficient is to use the right tool, like a static code analyzer. Here we explain what is a CI/CD pipeline and how a static analysis tool can help. What You Need to Know About CI/CD Pipelines The easiest way to understand a CI/CD pipeline […]
How to Improve Code Quality, Efficiently, with Static Analysis
As hard as they try, no programmer is perfect. Testing and manual code reviews cannot find every problem in their code, so software vulnerabilities and bugs persist. Unfortunately, the amount of software errors will only continue to grow as your systems get larger and more complex. Which begs the question: How can you find all […]
Add Static Code Analysis to Your CI/CD Pipelines
An efficient CI/CD pipeline is necessary for accelerating software delivery without sacrificing quality, and a static code analysis tool is an essential part of that pipeline. A static code analysis tool inspects your code as it is being written to identify defects, vulnerabilities and compliance issues — without having to run the program. What’s more, […]
CI/CD Best Practices for Software Development
Continuous integration (CI) and continuous delivery (CD) are popular software development practices for automation and shortening feedback times. However, set up improperly, your CI/CD pipelines could instead cause delays in development. For that reason, review CI/CD best practices to ensure that your pipelines are effective and efficient. What You Need to Know About Continuous Integration […]