Sign up for our newsletter!
Stay informed on the latest DevOps news

staging-devopsy.kinsta.cloud

Tag: Secure software delivery

supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning

| | artifact provenance, CI/CD security, continuous verification, credential theft, devops security, devsecops, GitHub tokens, npm malware, OIDC, pipeline security, SBoM, Secure software delivery, Shai-Hulud worm, short-lived tokens, Software Supply Chain, supply chain attack
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
DevSecOps, roles, security

The DevSecOps Career Path: What No One Tells You About Getting Started

| | CI/CD security, Cloud Security, container security, developer security skills, devops security, DevOps to DevSecOps, devsecops, DevSecOps career transition, DevSecOps certifications, DevSecOps roadmap, DevSecOps skills, infrastructure as code security, OWASP Top 10, Secure software delivery, supply chain security
DevOps teams across organizations are suddenly finding themselves responsible for security with no roadmap. One day, teams are focused on deployment velocity and infrastructure automation, the next day, they're expected to understand ...
scanning, vulnerability, DevSecOps, security, Gitlab, CI/CD, ArmorCode, AI, Veracode, risk, devsecops, AI, security, developers, organizations, code, SBOMs, DevSecOps

What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today? 

| | application security, CI/CD security, context-aware scanning, developer-friendly security, DevOps security integration, devsecops, modern security tools, noise reduction in alerts, real-time scanning, Secure software delivery, security feedback loop, security in pipelines, software vulnerabilities, vulnerability management metrics, vulnerability scanning
Traditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...
CI/CD, building, Argo CD, pipeline, misconfigured, CI/CD, pipelines, pipeline, identity, zero trust, CI/CD, pipelines, AI/ML, database, DevOps, pipelines eBPF Harness CI/CD

Why CI/CD Pipelines Break Zero-Trust: A Hidden Risk in Enterprise Automation

| | CI/CD security, Open Policy Agent (OPA), Secure software delivery, SPIFFE / SPIRE, Workload attestation, zero-trust
This article highlights a critical blind spot in pipeline security: The gap between job identity and runtime trust. Here’s how organizations can finally close it.  ...