Security news aggregator

Latest coverage for DevSecOps

Explore the latest DevSecOps trends and insights in cybersecurity, integrating secure development into your IT operations and software delivery.

Tag briefing

Background for this topic.

DevSecOps is the philosophy and practice of integrating security measures seamlessly into the DevOps process. It embodies the idea of incorporating security principles and controls from the very beginning of the software development lifecycle, ensuring that every part of the process from design to deployment considers security implications. This approach enables organizations to create secure software faster and more efficiently by breaking the traditional silos between development, security, and operations teams.

In the context of information security, DevSecOps represents a cultural shift that emphasizes the importance of security as a shared responsibility within the software development process. It leverages automation to implement security checks, threat modeling, code analysis, and vulnerability assessments as part of the continuous integration/continuous delivery (CI/CD) pipeline. The aim is to detect and mitigate security issues early on, thus reducing the risk of security incidents after deployment while maintaining the speed and agility that is characteristic of DevOps practices.

Bank Info Security 5 months, 3 weeks ago

Harness Nets $240M at $5.5B Valuation to Advance DevSecOps

Goldman Sachs-Led Round Supports Harness's Push Into AI Security and Automation

With $200 million in Series E funding and a new $5.5 billion valuation, Harness will scale its AI-powered platform for security, compliance and reliability in software development. The investment will support R&D into AI agents, testing, cost optimization and security for AI workloads.

Prompt Injection, HTML Output Rendering Could Be Used for Exploit

Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's output, exfiltrate source code and potentially deliver malicious content through the platform's user interface.

Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]

Merger Combines Application Protection and DevOps to Secure Software at Scale

Harness and Traceable are combining forces to create a DevSecOps platform that seamlessly integrates software delivery with security. The merger addresses the growing need for continuous security along with continuous delivery, ensuring applications remain protected from development to deployment.

Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps

The integration of Tidelift into Sonar's ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code.

Bank Info Security 1 year, 11 months ago

JFrog Acquires Qwak to Strengthen MLOps, DevOps Integration

$230 Million Acquisition of Qwak Enhances Model Deployment and Security Features

JFrog's acquisition of Qwak will integrate advanced MLOps capabilities into the company's existing DevSecOps platforms. The transaction aims to improve model deployment efficiency, enhance security measures and integrate AI development features for end-to-end offerings.

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. This overhead degrades velocity and puts production deadlines at risk.

Army Seeking Public Input on $1 Billion Software Modernization Contract Vehicle

The U.S. Army is seeking public input on a software development procurement vehicle that aims to enable the rapid development and deployment of secure, modern software as the military branch reforms institutional practices to incorporate DevSecOps into its software development processes.

One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply

Bank Info Security 2 years, 2 months ago

GitLab Acquires Oxeye to Bolster SAST in DevSecOps Workflow

Acquisition Promises Enhanced Application Security and Reduced False Positives

The integration of Oxeye into GitLab’s suite marks a significant leap in the accuracy and efficiency of security scans, directly addressing the challenge of false positives in static application security testing and enhancing software security across development stages, according to GitLab.

In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains
