Tag: Software Supply Chain Security
Endor Labs Adds AI SAST Tool to Discover Vulnerabilities in Code
Mike Vizard | | agentic AI, AI code analysis, AI coding tools, application security, broken access control, code scanning, code security, developer security tools, devsecops, false positives reduction, LLM code vulnerabilities, multimodal static analysis, OWASP Top 10, secure design, Software Supply Chain Security, Static Application Security TestingEndor Labs launches an agentic AI-powered SAST tool that drastically reduces false positives, identifies deeper code flaws and helps DevSecOps teams secure AI-generated code across 40+ languages ...
JFrog Adds Ability to Track Usage of AI Coding Tools
Mike Vizard | | AI API management, AI code auditing, AI coding tools, AI compliance tracking, AI Governance, AI in DevOps, AI model inventory, AI risk mitigation, AI-generated code, application security, code risk detection, devsecops, Large Language Models, LLM security, MLOps, SCA, secure coding practices, Shadow AI detection, software composition analysis, software provenance, Software Supply Chain Security, software vulnerabilities, source code scanningJFrog introduces AI-Generated Code Detection and Shadow AI Detection tools to identify AI-created code, track model usage, and enhance DevSecOps governance across software supply chains ...
DevSecOps in Practice: Closing the Gap Between Development Speed and Security Assurance
Usman Peter | | application security automation, automated vulnerability scanning, CI/CD pipeline security, cloud and container security, continuous feedback loops, continuous security integration, developer security mindset, development speed and security balance, devsecops, DevSecOps best practices, risk-based security, SaferNet VPN, Secure DevOps, secure software development, security as code, security automation tools, security champions, security culture, shift left security, Software Supply Chain SecurityIn the world of modern software development, speed is king. Teams are under constant pressure to release features, fix bugs and stay ahead of competitors. Yet, as development velocity increases, so does ...
Establishing Visibility and Governance for Your Software Supply Chain
Parth Patel | | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritizationAsset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
Git Services Need Better Security. Here’s How End-to-End Encryption Could Help
Tom Smith | | code security, devops security, end-to-end encryption, GitLab security, repository protection, secure development practices, Software Supply Chain SecurityA new study from the University of Sydney, UESTC, and Google introduces efficient end-to-end encryption for Git services like GitHub and GitLab. Learn how this breakthrough could secure your code repositories without ...
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain
Matt Moore | | CI/CD security, container registry security, container vulnerabilities, devsecops, hardened images, Kubernetes security, secure build pipelines, Software Supply Chain SecurityWhen it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the ...
How GitHub Plans to Secure npm After Recent Supply Chain Attacks
Tom Smith | | API token deprecation, CI/CD authentication, crates.io security, npm 2FA, npm registry attack, npm token theft, open source security, package registry malware, PyPI trusted publishing, Shai-Hulud worm, Software Supply Chain Security, trusted publishingGitHub strengthens npm security after Shai-Hulud worm attack with mandatory 2FA, granular tokens, and trusted publishing to protect the open source supply chain ...
Nominations Are Open: DevOps Dozen 2025
Alan Shimel | | agentic AI, AI in DevOps, ci/cd tools, DevOps awards, DevOps community, devops dozen, DevOps evangelist, DevOps leaders, DevOps nominations, devops tools, DevOps vendors, devsecops, generative AI, golden paths, internal developer platforms, observability solution, platform engineering, Predict 2026, Software Supply Chain Security, SRE, TechStrongThe DevOps Dozen 2025 awards are open. Celebrate community leaders and tools shaping DevOps, from AI to platform engineering and supply chain security ...
Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks
Mike Vizard | | news, Software Supply Chain Security, supply chain risks, supply chain vulnerabilities, survey, visibilityA global survey of 1,500 C-suite and senior executives published today finds about half (49%) concede their organization lacks the visibility needed to fully understand – or even identify – software supply ...
Teleport Unifies Infrastructure and Application Workload Security
Teleport today added an offering that makes it simpler to declaratively secure IT infrastructure and workloads using short-lived X.509 certificates ...
Harness Merges with Traceable to Provide Integrated DevSecOps Platform
Harness today announced that Traceable will be merged into the company to create a combined company that will further advance the adoption of best DevSecOps practices across the software development lifecycle (SDLC) ...
GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs
If left unpatched, the vulnerability in the code repository could let threat actors run malicious code and access sensitive information ...
