Tag: application security
How to Escape the Talent Valley
Dustin Lehr | | ai, AI Governance, AI in software development, application security, developer careers, devsecopsAcross the tech industry a disconcerting trend is emerging, job losses at the hand of a seemingly more efficient and cost-effective employee, artificial intelligence (AI). Software developers in particular have felt the ...
Endor Labs Adds AI SAST Tool to Discover Vulnerabilities in Code
Mike Vizard | | agentic AI, AI code analysis, AI coding tools, application security, broken access control, code scanning, code security, developer security tools, devsecops, false positives reduction, LLM code vulnerabilities, multimodal static analysis, OWASP Top 10, secure design, Software Supply Chain Security, Static Application Security TestingEndor Labs launches an agentic AI-powered SAST tool that drastically reduces false positives, identifies deeper code flaws and helps DevSecOps teams secure AI-generated code across 40+ languages ...
JFrog Adds Ability to Track Usage of AI Coding Tools
Mike Vizard | | AI API management, AI code auditing, AI coding tools, AI compliance tracking, AI Governance, AI in DevOps, AI model inventory, AI risk mitigation, AI-generated code, application security, code risk detection, devsecops, Large Language Models, LLM security, MLOps, SCA, secure coding practices, Shadow AI detection, software composition analysis, software provenance, Software Supply Chain Security, software vulnerabilities, source code scanningJFrog introduces AI-Generated Code Detection and Shadow AI Detection tools to identify AI-created code, track model usage, and enhance DevSecOps governance across software supply chains ...
Establishing Visibility and Governance for Your Software Supply Chain
Parth Patel | | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritizationAsset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?
Emily Amanda | | application security, CI/CD security, context-aware scanning, developer-friendly security, DevOps security integration, devsecops, modern security tools, noise reduction in alerts, real-time scanning, Secure software delivery, security feedback loop, security in pipelines, software vulnerabilities, vulnerability management metrics, vulnerability scanningTraditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...
Qwiet AI Extends Microsoft Support in Platform for Fixing Vulnerabilities
Mike Vizard | | AI agents, AI coding tools, application security, AutoFix, Azure Boards, Azure DevOps, devsecops, github, SARIF, SAST, software security, Swift, vulnerability remediationQwiet AI extends its AI-driven application security platform with deeper Microsoft DevOps integrations, enhanced automation, and expanded AutoFix capabilities to proactively remediate code vulnerabilities ...
Minimus Adds VEX Support to Managed Hardened Images Service
Minimus has extended its managed service for providing application developers with hardened images to include support for the Vulnerability Exploittability eXchange (VEX) format used to share data across multiple application security tools ...
DryRun Security Defines Application Security Policies Using Natural Language
DryRun Security today added an ability to use natural language to define and enforce application security policies as application developers build software ...
DefectDojo Adds Ability to Normalize DevSecOps Data to ASPM Platform
DefectDojo today added a universal parser to its application security posture management platform (ASPM) that makes it possible to normalize data ingested from any DevSecOps tools and platforms that expose data in ...
Microsoft Enlists Endor Labs to Integrate SCA Tool with CNAPP
Microsoft has tapped Endor Labs to incorporate a software composition analysis (SCA) tool into its cloud-native application protection platform (CNAPP) ...
Legit Security Adds Application Security Rating Scorecards to ASPM Platform
Legit Security today added an ability to rate the level of software security that has been attained to its application security posture management (ASPM) platform ...
Elevating DevOps Security: Why Integrating Threat Modeling Transforms Pentesting
Akhil Mittal | | application security, devops security, pentesting, Risk-based security testing, threat modelingDo not stop at compliance — embrace threat-driven pentesting and build a security posture that is ready for the real-world threats your organization faces ...
