A new study from the University of Sydney, UESTC, and Google introduces efficient end-to-end encryption for Git services like GitHub and GitLab. Learn how this breakthrough could secure your code repositories without slowing development.
Build vs. Buy: What it Really Takes to Harden Your Software Supply Chain
When it comes to securing the software supply chain, engineering teams often assume that the choice between building their own hardened images or buying a solution is straightforward…until they try to build the images themselves. As the programmer’s credo goes: “We do these things not because they are easy, but because we thought they’d be easy.” The decision […]
How GitHub Plans to Secure npm After Recent Supply Chain Attacks
GitHub strengthens npm security after Shai-Hulud worm attack with mandatory 2FA, granular tokens, and trusted publishing to protect the open source supply chain.
Nominations Are Open: DevOps Dozen 2025
The DevOps Dozen 2025 awards are open. Celebrate community leaders and tools shaping DevOps, from AI to platform engineering and supply chain security.
Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks
A global survey of 1,500 C-suite and senior executives published today finds about half (49%) concede their organization lacks the visibility needed to fully understand – or even identify – software supply chain risks.
Teleport Unifies Infrastructure and Application Workload Security
Teleport today added an offering that makes it simpler to declaratively secure IT infrastructure and workloads using short-lived X.509 certificates.
Harness Merges with Traceable to Provide Integrated DevSecOps Platform
Harness today announced that Traceable will be merged into the company to create a combined company that will further advance the adoption of best DevSecOps practices across the software development lifecycle (SDLC).
GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs
If left unpatched, the vulnerability in the code repository could let threat actors run malicious code and access sensitive information.
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left.
Techstrong Research: Combatting CI/CD Security Anti-Patterns
Techstrong Research finds the imperative to secure the software supply chain and CI/CD pipelines is undeniable and urgent.