Tag: SBoM
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Software supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities ...
Codenotary’s Free SBOM Service Tackles the AI Software Supply Chain
Just because AI is writing your code doesn't mean you can stop worrying about software bills of materials. While the quality of AI coding remains open to debate, there's no question that ...
Surprise! Everybody Uses AI Tools for Software Development, Few Do So Securely
AI is generating code faster than teams can secure it, widening software supply chain risk and exposing major gaps in AppSec and governance ...
What I’m Thankful for in DevOps This Year: Living Through Interesting Times
Alan reflects on a chaotic yet inspiring year in DevOps, highlighting the rise of AI in engineering, the maturation of DevSecOps, the evolution of hybrid work culture, the surge of platform engineering ...
What Fuels AI Code Risks and How DevSecOps Can Secure Pipelines
Modern development teams are under constant pressure to deliver fast, innovate continuously, and stay clear of security threats; all at the same time. Every new feature, every accelerated release, carries the hidden ...
Cybersecurity Laws Will Shape the Future of DevOps
From the EU’s NIS2 Directive to U.S. SEC breach disclosure rules, cybersecurity regulation is accelerating faster than code releases. DevOps teams must evolve into RegOps—embedding compliance, traceability, and trust directly into their ...
AppOmni Open Sources Heisenberg Tool to Scan Pull Requests for Dependencies
AppOmni has made available an open source tool that automatically scans pull requests (PRs) to flag risky or newly published dependencies before they are merged. Dubbed Heisenberg, the tool can also be ...
Patch Management is Essential for Securing DevOps
Zero-day exploits don’t wait for anyone and are one of the main reasons why the cybersecurity market will be worth a whopping $256 billion worldwide. In the current threat landscape, attackers weaponize ...
Cycode Previews Ability to Identify AI Tools and Platforms Used to Write Code
Cycode today announced it is providing early access to a capability that identifies which artificial intelligence (AI) coding tools are being employed by application developers in addition to adding an AI Bill ...
Establishing Visibility and Governance for Your Software Supply Chain
Asset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
Worms in the Supply Chain: Shai-Hulud and the Next DevOps Reckoning
DevOps was supposed to make software delivery faster, safer and more reliable. For the most part, it has. But every so often, something nasty crawls out of the shadows and reminds us ...
SBOMs Are Not Enough
Track your components, patch when needed and you’ve got your risk covered. But that’s only part of the story ...

