Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by malicious supply chain injections. High-profile incidents like Log4j and the sabotage of colors.js highlight that traditional scanning often fails to detect sophisticated “protestware” or dependency confusion, necessitating 19 practical controls focused on strict intake governance, dependency pinning, and behavioral monitoring to secure the development lifecycle.
The Risk Profile of AI-Driven Development
Analysis arguing that AI-driven code generation accelerates dependency decisions and expands supply-chain risk, requiring shift-left governance, prompt-level controls, automated SBOM/AIBOM visibility, threat-modeling as engineering, and autonomous security to match autonomous development.
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Software supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities. That changed this month, when OWASP elevated software supply chain failures to third place on its 2025 Top 10 list. The OWASP Top […]
Codenotary’s Free SBOM Service Tackles the AI Software Supply Chain
Just because AI is writing your code doesn’t mean you can stop worrying about software bills of materials. While the quality of AI coding remains open to debate, there’s no question that everyone and their dog is using it. That means, if you’re serious about using AI in production, you must track its code in […]
Surprise! Everybody Uses AI Tools for Software Development, Few Do So Securely
AI is generating code faster than teams can secure it, widening software supply chain risk and exposing major gaps in AppSec and governance.
What I’m Thankful for in DevOps This Year: Living Through Interesting Times
Alan reflects on a chaotic yet inspiring year in DevOps, highlighting the rise of AI in engineering, the maturation of DevSecOps, the evolution of hybrid work culture, the surge of platform engineering and IDPs, and the continued strength and inclusivity of the DevOps community — while acknowledging the talent crunch, tool sprawl and security theater that still challenge the industry.
What Fuels AI Code Risks and How DevSecOps Can Secure Pipelines
Modern development teams are under constant pressure to deliver fast, innovate continuously, and stay clear of security threats, all at the same time. Every new feature and every accelerated release carries the hidden risk of introducing vulnerabilities that can slip past traditional checkpoints. Even the most seasoned developers can unknowingly leave gaps that put applications […]
Cybersecurity Laws Will Shape the Future of DevOps
From the EU’s NIS2 Directive to U.S. SEC breach disclosure rules, cybersecurity regulation is accelerating faster than code releases. DevOps teams must evolve into RegOps—embedding compliance, traceability, and trust directly into their CI/CD pipelines. The future of DevOps isn’t just agile—it’s accountable.
AppOmni Open Sources Heisenberg Tool to Scan Pull Requests for Dependencies
AppOmni has made available an open source tool that automatically scans pull requests (PRs) to flag risky or newly published dependencies before they are merged. Dubbed Heisenberg, the tool can also be used to create a software bill of materials (SBOMs) that makes it easier to discover dependencies as code is being written. Yevhen Grinman, […]
Patch Management is Essential for Securing DevOps
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize vulnerabilities within hours of disclosure, and that puts DevOps teams in a precarious position. The ability to patch quickly and confidently can mean […]