DevSecOps
Lineaje Leverages AI Agents to Secure Open Source Packages and Images
Lineaje has added artificial intelligence (AI) agents that leverage multiple types of code scanners to ensure the open-source software packages and artifacts being used by application developers are truly secure ...
Cycode Adds AI Agent Teammates to Secure Software Supply Chains
Cycode, this week, added multiple artificial intelligence (AI) agents to its application security posture management (ASPM) capable of monitoring code and offering remediation suggestions. In addition, the company is adding an ability ...
Endor Labs Adds AI Agents to Automate Application Security Reviews
Endor Labs today added a set of artificial intelligence (AI) agents to its platform, specifically trained to identify security defects in applications and suggest remediations. Fresh off raising an additional $93 million ...
Veracode Extends Scope and Reach of DevSecOps Portfolio
Veracode today updated its risk management tool to provide integration with Kubernetes runtime environments, increased integration with code repositories to make it simpler to identify the origin of vulnerabilities and, available shortly, ...
AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat
Jeff Burt | | AI code generation, AI hallucinations, Large Language Models, slopsquatting, software supply chain risksAI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative ...
Report: Commercial Software Just as Vulnerable as Open Source
An analysis published by ReversingLabs, a provider of tools for securing application development environments, suggests that commercial software used in software supply chains is just as vulnerable as open-source code ...
Report: Bulk of Application Vulnerabilities Don’t Require Immediate Attention
An analysis of more than 101 million application security alerts conducted by OX Security, a provider of an application security posture management (ASPM) platform, finds only 2% to 5% require immediate action, ...
Demystifying Code-to-Cloud Security
Code-to-cloud security is considered the future of application security, as it helps lower expenses, prevents data breaches and ensures compliance infringement, thereby protecting an organization’s reputation. ...
Securing the Future: DevSecOps in the Age of Artificial Intelligence
Why DevSecOps is a critical discipline in the AI era, the benefits and challenges of integrating AI into DevSecOps pipelines and why it provides a framework for successfully adopting these emerging technologies. ...
The DevOps Bottleneck: Why IaC Orchestration is the Missing Piece
If you work in DevOps, you’ve heard it a thousand times: “Do more with less.” More automation, more security, more reliability—but with the same (or fewer) people. Meanwhile, your development teams keep ...
JFrog Survey Surfaces Limited DevSecOps Gains
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet ...
Pulumi Extends Security Reach to Include Managing Secrets and Policy-as-Code
Pulumi today extended the reach of its Environments, Secrets and Configurations (ESC) platform for managing infrastructure-as-code (IaC) into the realm of DevSecOps by adding the ability to manage secrets and implement policies ...
