For years, running npm install meant trusting that whatever code got pulled in would behave itself. That trust was often misplaced. Starting in July 2026, npm v12 changes the rules. Install scripts won’t run automatically anymore. Neither will dependencies be pulled from Git repos or remote URLs. All of it becomes opt-in. This is a […]
GitLab Previews Revamped DevOps Platform for the Agentic AI Era
At Transcend 2026, GitLab launched updates to optimize its DevOps platform for AI-generated code, featuring Next Gen Source Code Management, GitLab Orbit, and an AI Governance framework.
Broadcom Aims to Better Secure Spring Applications in the AI Era
Broadcom today released a raft of updates to the open source Spring framework for building Java applications to primarily address a wave of vulnerabilities discovered by researchers using artificial intelligence (AI) tools. At the same time, Broadcom is also adding a managed service through which organizations can secure thousands of Spring dependencies for organizations building […]
Secure Code Warrior Leverages AI to Extend DevSecOps Training Reach
Secure Code Warrior this week extended the capability of its artificial intelligence (AI) agent to make it possible to surface relevant training insights in real time as application developers are writing code. Announced at the Gartner Security & Risk Management Summit, the Adaptive Learning capability added to the company’s learning platform detects which AI tools […]
Agentic DevSecOps: AI Security Co-Pilots for Your CI/CD Pipeline
The emergence of AI has brought endless possibilities and innovative opportunities in today’s ever-changing, fast-paced technology landscape. AI is helping development teams produce software significantly faster than ever before. AI-enabled DevSecOps tools can automatically scan code, infrastructure and other configurations for security issues throughout development, accelerating the overall process. The introduction of agentic AI into the software […]
Risk-Based Review for Infrastructure as Code Pull Requests
Not every infrastructure pull request deserves the same review path. A tag change in a development account and a network-policy change in production should not create identical reviewer load. When every change is treated as high risk, reviewers stop trusting the signal. In IaC review, I have seen reviewers spend too much attention on low-risk changes […]
The Silent Risk of AI-Written DevOps Pipelines
These days, when a developer needs a CI/CD pipeline, they don’t always dive into GitHub Actions docs or spin up Jenkins from scratch. Instead, they pull up an AI assistant and type out something like: “Create a deployment pipeline for a containerized application.” Seconds later, the AI spits out a complete workflow. It looks polished. […]
Regression Testing Tools in the Age of AI-Assisted Development: What Has Changed
For most of the past decade, the conversation around regression testing tools was fairly stable. The tools got faster, the integrations got smoother, and the underlying approach stayed largely the same: write tests, run them in CI, fix failures. The fundamental model did not change much because the problem did not change much. AI-assisted development […]
Claude Code Security Catches Vulnerabilities While You Write Code
Claude Code Security uses AI reasoning to catch complex vulnerabilities in code — including logic flaws that traditional static analysis tools consistently miss.
JFrog Report Surfaces Need for Rapid DevSecOps Change in AI Era
A report published by JFrog finds that cybercriminals are now increasingly targeting the artificial intelligence (AI) tools and platforms used by application development teams. Based on an analysis of 18.2 billion artifacts managed via the JFrog Platform, security researchers discovered 969 AI agent skills carrying high-impact payloads in addition to 495 malicious AI models on […]
- 1
- 2
- 3
- …
- 82
- Next Page »