In today’s fast-paced software development landscape, Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for delivering applications efficiently. However, the speed and automation they offer can inadvertently introduce security vulnerabilities if not properly managed. Integrating security into CI/CD pipelines, often referred to as DevSecOps, is no longer optional; it’s a necessity. The Importance of […]
Checkmarx Acquisition of Tromzo Accelerates Plan to Apply AI to Application Security
Checkmarx accelerates its AI-driven DevSecOps strategy after acquiring Tromzo, integrating AI agents to automate application security across the software development lifecycle.
JFrog Adds Ability to Track Usage of AI Coding Tools
JFrog introduces AI-Generated Code Detection and Shadow AI Detection tools to identify AI-created code, track model usage, and enhance DevSecOps governance across software supply chains.
SBOMs Are Not Enough
Track your components, patch when needed and you’ve got your risk covered. But that’s only part of the story.
The IT-DevOps Life Cycle is Like a Pyramid That Keeps Growing
For the most part, the demand for new technology to solve age-old problems has been a net increase in workload.
It’s Funny How We Forgot About Container Sprawl
Don MacVittie explains how DevOps technology and tools have saved developers from the horrors of container sprawl.
ForAllSecure Streamlines Application Security Testing
ForAllSecure provided early access to dynamic SBOM generation and SCA validation capabilities within its Mayhem Security automated code and API testing tool.
Technical Debt: Don’t Buy Buzzwords
Buying into the ‘next big new shiny thing’ only increases your technical debt. Don MacVittie advises only buying what’s necessary.
Low-Hanging Fruit, 2023 Edition: Part Two
Last time, we discussed setting up a comparative inventory system for your growing API footprint. The idea is that as security catches up to new technology deployments, enterprises will have to step up their game and implement those new technologies. API security is currently the biggest need because of exposure to the world, but not […]
The Security Pipeline
Over the last few years, the ability to secure our applications has grown, and deep integration into the DevOps toolchain has, too. There are more tools doing more security checks protecting more of the infrastructure and source than there have ever been. The key is putting them to use intelligently. We now have the ability […]