Checking for dependency vulnerabilities in freshly developed software is usually done near the end of the build process. Remediation at that point can be tricky. Now, JavaScript and TypeScript developers can check for vulnerabilities themselves as they – or their agents – write their source code, using an open source project called CVE Lite CLI. […]
Designing an AI-Powered DevSecOps Guardrail Pipeline Using GitHub Actions
By embedding AI-powered guardrails directly into CI/CD pipelines, organizations can detect vulnerabilities earlier, enforce security policies automatically and accelerate secure software delivery.
Modernizing DevOps Security With Intelligent KYC Enforcement Layers
This is where smart KYC enforcement layers fit in — not a compliance box, but an engineering control that is directly part of DevOps processes.
CI/CD Supply Chain Security: Hardening Artifacts, Dependencies, and Delivery Pipelines
Modern CI/CD pipelines have become one of the most attractive attack surfaces in enterprise environments. As organizations push for faster releases, broader automation, and greater reuse of third-party components, the software supply chain has quietly expanded beyond the direct control of any single team. Source code is only one small piece of what ultimately runs in […]
Software Weaponization Raises DevSecOps Stakes
The threat model that DevSecOps teams have been working from for the last decade was built around accidental vulnerabilities — mistakes that needed to be found and fixed before someone exploited them. That assumption is breaking. Vulnerabilities are increasingly being treated as strategic assets, stockpiled by nation-states and threat actors and held back from disclosure […]
OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness
The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how they must obey its strictures. MINNEAPOLIS — At Open Source Summit North America, Christopher “CRob” Robinson, Chief Security Architect for the Open Source Software Foundation (OpenSSF), spoke about the European Union’s (EU) Cyber Resilience Act (CRA). CRob […]
1Password Allies With OpenAI to Secure Codex AI Coding Tool
DevSecOps teams can now manage coding agents as a tenant rather than another vault where secrets might be stored, ensuring credentials are never exposed to an AI agent or LLM as plain text. The MCP server does not read or return secret values through the MCP channel, allowing Codex to create environments and invoke applications while the values themselves never leave the 1Password vault.
Why DevOps Is Critical for Modern Business Resilience
Today’s business world operates in a state of constant change. What the customer wants to buy changes quickly, new competitors appear overnight, and cyber threats are changing faster than ever. In this world, the concept of “resilience,” the ability to adapt, to overcome, and to continue to create value for the enterprise despite the changes, […]
AWS Security Agent Brings Full Repository Code Scanning to Preview
Security teams have long relied on static analysis tools to catch vulnerabilities before code ships. Those tools are useful, but they have a fundamental limitation: they match code against known patterns. They don’t understand your application. AWS is taking a different approach with its latest addition to AWS Security Agent. The company recently released full […]
Hacktron Plans to Build AI Platform to Test Code for Vulnerabilities
Hacktron revealed today it is developing a platform that leverages artificial intelligence (AI) to continuously test code for vulnerabilities. Fresh off raising $2.9 million in seed capital, Hacktron founder Zayne Zhang said the company’s platform will employ multiple AI models to test every pull request and code change to identify vulnerabilities that are actually exploitable. […]