Image

Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: devsecops

Why AI-Generated Code Is Raising the Stakes for Secrets Management

Why AI-Generated Code Is Raising the Stakes for Secrets Management

| | ai, devsecops, GitGuardian, secrets management, Software Supply Chain Security
Following a $50 million funding round, GitGuardian CEO Eric Fourrier discusses why secrets security is becoming a much bigger problem in the age of AI-generated code and autonomous agents. As more organizations ...
When AI Gets It Wrong: The Insecure Defaults Lurking in Your Code

When AI Gets It Wrong: The Insecure Defaults Lurking in Your Code

| | ai, authentication, cryptography, devsecops, GenAI, sdlc, SQL
The arrival of generative AI in the software development lifecycle (SDLC) is arguably the biggest shift in coding in decades. For development teams, tools like GitHub, Copilot, and other AI assistants act ...
Malicious NPM Package Gets Downloaded 50K Times Before Discovery

Malicious NPM Package Gets Downloaded 50K Times Before Discovery

| | ai, APIs, devsecops, NPM, Tenable
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package ...
ADM Palo Alto Networks Mendix CI/CD dependency AppSmith impact mapping

How OPA Changed Our Go-No-Go Forever

| | application release management, CI/CD, devsecops, OPA, policy as code
Learn how Open Policy Agent (OPA) transformed go/no-go releases from subjective meetings into automated, auditable, policy-driven decisions embedded directly in the CI/CD pipeline ...
Harness Makes Registry for Integrating Artifacts into DevOps Workflows Available

Harness Makes Registry for Integrating Artifacts into DevOps Workflows Available

| | Artifact Registry, devsecops, Harness, RBAC
Harness today made generally available an Artifact Registry it has added to its portfolio of DevOps tools and platforms. At the same time, Harness also revealed it has added a Dependency Firewall ...
CI/CD, gearset, future low-code CI/CD release metrics CircleCI Future of DevOps and CI/CD - Predict 2021

GitOps Implementation at Enterprise Scale — Moving Beyond Traditional CI/CD 

| | ArgoCD, change traceability, CI/CD migration, CI/CD reliability, cloud native delivery, configuration drift, declarative infrastructure, deployment automation, deployment rollback strategy, DevOps at scale, devsecops, dora metrics, gitops, GitOps adoption, GitOps security, infrastructure as code, Kubernetes continuous delivery, platform engineering, policy as code, pull-based deployments
Traditional CI/CD pipelines hit scaling limits. Learn how GitOps improves deployment reliability, security, and DORA metrics—and what it takes to migrate successfully ...
Claude Code Security Finds the Bugs That Static Analysis Can't — and Wall Street Noticed

Claude Code Security Finds the Bugs That Static Analysis Can’t — and Wall Street Noticed

| | code security, devsecops, DevSecOps teams, wall street
Claude Code Security scans code like a human researcher, not a rule engine. Anthropic found 500+ decade-old bugs — and cybersecurity stocks felt it ...
Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS

Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS

| | AI coding, AWS, Checkmarx, devops, devsecops
Checkmarx this week revealed it has added support for the Kiro artificial intelligence (AI) coding tool provided by Amazon Web Services (AWS) to its Checkmarx Developer Assist that leverages AI to surface ...
toolchain GitLab survey

Tool Fragmentation is Breaking Delivery Context — Here’s What Teams are Learning 

| | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token management
Explore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to ...
performance testing, CI/CD, building, Argo CD, pipeline, misconfigured, CI/CD, pipelines, pipeline, identity, zero trust, CI/CD, pipelines, AI/ML, database, DevOps, pipelines eBPF Harness CI/CD

Secrets Management Failures in CI/CD Pipelines 

| | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token management
Explore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how ...
Prompt Injection Isn’t Just a Chat Problem — It’s a DevOps Threat 

Prompt Injection Isn’t Just a Chat Problem — It’s a DevOps Threat 

| | ai, devops, devsecops, pipeline breach, prompt injection
Prompt injection is evolving into a serious DevOps threat, enabling AI agents to misuse tools, leak secrets and execute unauthorized actions unless governed with least privilege, sandboxing and human approval.  ...
Bridging the Dev–Security Gap With Smarter Authorization

Bridging the Dev–Security Gap With Smarter Authorization

| | ai, Cybersecurity, devsecops, GenAI
Software teams have always lived with a built-in tension – developers push to ship fast, while security teams pump the brakes to assess risk. Now, with AI flooding the enterprise, that friction ...
Show More