Tag: application security
Chainguard Expands Repository to Add More Secure Open Source Libraries
Mike Vizard | | AI agents, application security, dependency layer, devops best practices, DevSecOps practices, Open Source Security Foundation, open source vulnerabilities, secure open source libraries, secure repositories, SLSA framework, software artifacts, software builds, Software Supply Chain SecurityLearn how Chainguard is strengthening software supply chains by expanding its secure repository of Java, JavaScript, and Python libraries, enabling DevOps teams to access components compliant with SLSA framework standards ...
Tool Fragmentation is Breaking Delivery Context — Here’s What Teams are Learning
Arul Watson | | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token managementExplore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to ...
Secrets Management Failures in CI/CD Pipelines
Johnbosco Ejiofor | | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token managementExplore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how ...
Rein Security Emerges to Analyze Reachability of Application Vulnerabilities
Mike Vizard | | AI-generated vulnerabilities, API security, application security, continuous vigilance, devsecops, funding, Matan Bar Efrat, performance overhead, security automation, software development, software security testing, vulnerability managementRein Security has emerged from stealth to launch an application security platform capable of determining the reach of a vulnerability based on which libraries and application programming interfaces are actually running in ...
Apiiro Guardian Agent Prevents AI Models From Generating Insecure Code
Mike Vizard | | AI code security, AI coding tools, application security, devsecops, prompt rewriting, secure SDLC, vulnerability preventionApiiro launches Guardian Agent, an AI security agent that rewrites prompts in real time to prevent insecure code from ever being generated, reducing vulnerabilities without slowing developers ...
Survey Sees Wider Adoption of AI Coding Tools Creating More DevOps Challenges
Mike Vizard | | AI coding tools, AI productivity, application security, ChatGPT, Code Generation, code review, coding automation, developer survey, devops challenges, GitHub Copilot, sensitive data exposure.Survey reveals 72% of developers use AI coding tools daily, generating 42% of code with AI. Trust issues persist, with 96% doubting AI code correctness ...
Checkmarx Acquisition of Tromzo Accelerates Plan to Apply AI to Application Security
Mike Vizard | | AI agents, AI in cybersecurity, AI-powered security, application security, Application Security Posture Management, ASPM, DAST, devsecops, devsecops automation, SAST, SCA, SDLC security, secure software development lifecycle, Software Supply Chain Security, zero-day vulnerabilitiesCheckmarx accelerates its AI-driven DevSecOps strategy after acquiring Tromzo, integrating AI agents to automate application security across the software development lifecycle ...
How to Escape the Talent Valley
Dustin Lehr | | ai, AI Governance, AI in software development, application security, developer careers, devsecopsAcross the tech industry a disconcerting trend is emerging, job losses at the hand of a seemingly more efficient and cost-effective employee, artificial intelligence (AI). Software developers in particular have felt the ...
Endor Labs Adds AI SAST Tool to Discover Vulnerabilities in Code
Mike Vizard | | agentic AI, AI code analysis, AI coding tools, application security, broken access control, code scanning, code security, developer security tools, devsecops, false positives reduction, LLM code vulnerabilities, multimodal static analysis, OWASP Top 10, secure design, Software Supply Chain Security, Static Application Security TestingEndor Labs launches an agentic AI-powered SAST tool that drastically reduces false positives, identifies deeper code flaws and helps DevSecOps teams secure AI-generated code across 40+ languages ...
JFrog Adds Ability to Track Usage of AI Coding Tools
Mike Vizard | | AI API management, AI code auditing, AI coding tools, AI compliance tracking, AI Governance, AI in DevOps, AI model inventory, AI risk mitigation, AI-generated code, application security, code risk detection, devsecops, Large Language Models, LLM security, MLOps, SCA, secure coding practices, Shadow AI detection, software composition analysis, software provenance, Software Supply Chain Security, software vulnerabilities, source code scanningJFrog introduces AI-Generated Code Detection and Shadow AI Detection tools to identify AI-created code, track model usage, and enhance DevSecOps governance across software supply chains ...
Establishing Visibility and Governance for Your Software Supply Chain
Parth Patel | | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritizationAsset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?
Emily Amanda | | application security, CI/CD security, context-aware scanning, developer-friendly security, DevOps security integration, devsecops, modern security tools, noise reduction in alerts, real-time scanning, Secure software delivery, security feedback loop, security in pipelines, software vulnerabilities, vulnerability management metrics, vulnerability scanningTraditional vulnerability scanning can’t keep pace with CI/CD. Learn how real-time, context-aware scanning reduces noise, speeds fixes, and enables secure DevSecOps at scale ...
