Features
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
Opsera Report Highlights DevOps Challenges Created by AI Coding Tools
An analysis published today by Opsera, a provider of a DevOps platform, finds that while adoption of artificial intelligence (AI) coding tools has increased developer productivity, they also create more duplicate code, ...
AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk
AWS fixed webhook filter misconfigurations in CodeBuild that could have allowed unauthorized repository access. No customer impact or malicious code found ...
Open-Source Coding Agents Just Got Accessible
Ai2’s open-source SERA coding agents slash the cost of training repository-aware AI, enabling teams to customize high-performance coding agents on private codebases for as little as $400 ...
Apiiro Guardian Agent Prevents AI Models From Generating Insecure Code
Apiiro launches Guardian Agent, an AI security agent that rewrites prompts in real time to prevent insecure code from ever being generated, reducing vulnerabilities without slowing developers ...
Anthropic Adds Automated Security Reviews to Claude Code
Anthropic pulls security into the inner dev loop with new Claude Code tools that scan for vulnerabilities in the terminal and on every pull request—before insecure code ever ships ...
Codenotary’s Free SBOM Service Tackles the AI Software Supply Chain
Just because AI is writing your code doesn't mean you can stop worrying about software bills of materials. While the quality of AI coding remains open to debate, there's no question that ...
Five Great DevOps Job Opportunities
This week, DevOps.com spotlights open roles at NVIDIA, Travelers, Tessera Labs, Sherwin-Williams, and ThinKom Solutions to help engineers advance their careers ...
Futurum Group Survey Sees Increasing Investments in AI to Deliver Software
A global survey of 628 enterprise IT leaders conducted by the Futurum Group finds that increasing investment in generative artificial intelligence (AI) (40%), followed closely by AI and machine learning (ML) technologies ...
N. Korea Contagious Interview Campaign Turns to VS Code to Deliver Backdoor
Jamf security researchers said state-sponsored espionage actors are using malicious VS Code projects to steal information ...
Legit Security AI Tool Uses Threat Feed to Identify Risks to Software Supply Chain
Legit Security this week added a threat feed that DevSecOps teams can use to instantly determine if a newly discovered vulnerability impacts their software supply chain. Built using the Legit VibeGuard tool, ...
DevOps: The Never-Ending Story
A reflective take from Alan on why DevOps endures, adapts, and remains a human-centered practice in an era of platforms and AI ...

