devsecops
By Isaac Sacolick Configuring basic continuous integration and continuous delivery (CI/CD) pipelines that automate packaging, compiling, and pushing code to application delivery environments is considered a fundamental devsecops practice. By automating a path to production, devsecops teams can reduce errors, increase deployment frequency, more quickly resolve production issues, and improve team culture. Creating a basic CI/CD pipeline can be a catalyst for driving a culture of continuous improvement. For example, many teams will add test automation, error checking, and alerting to their pipeli...
Info World
By Paul Krill GitLab has unveiled GitLab 17, a major update of its devsecops platform that brings a CI/CD catalog of reusable pipeline components and an AI impact dashboard. The company also announced GitLab Duo Enterprise, an AI-powered assistant that helps detect vulnerabilities in code and resolve CI/CD bottlenecks. GitLab Duo Enterprise, the subject of a virtual launch event on June 24, combines the developer-focused AI capabilities of GitLab Duo Pro, which include code suggestions and code explanation, with enterprise-oriented AI capabilities for other aspects of the software development ...
Info World
By Isaac Sacolick I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing applications, game-changing analytics capabilities, and more automated workflows. Let’s just say my team and I did a lot of teaching on agile development and nimble architectures. But we also had a lot to learn about deploying highly reliable, performant, and secure applications to our data centers. This was all ...
Info World
By Victor R. Garza The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second-floor booth space, seven VC-backed up-and-comers in application security and devsecops caught our eye. AppSentinels: AppSentinels touts itself as a comprehensive API security platform, covering the entire application life cycle. The product conducts thorough analyses of the application’s activities and examines its workflows in detail. Once the AppSentinels product understands the...
Info World
By Paul Krill GitHub has introduced Artifact Attestations, a software signing and verification feature based on Sigstore that protects the integrity of software builds in GitHub Actions workflows. Artifact Attestations is now available in a public beta. Announced May 2, Artifact Attestations allows project maintainers to create a “tamper-proof, unforgeable paper trail” that links software artifacts to the process that created them. “Downstream consumers of this metadata can use it as a foundation for new security and validity checks through policy evaluations via tools like Rego and Cue,” Git...
Info World
By Paul Krill Java services are the most impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog. Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%. Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security. Following Java in the vulnerabilities assessment wer...
Info World
By Paul Krill As of the first quarter of 2024, 83% of developers were involved in devops-related activities such as performance monitoring, security testing, or CI/CD, according to the State of CI/CD Report 2024, published by the Continuous Delivery (CD) Foundation, a part of the Linux Foundation. Released April 16, the State of CI/CD Report 2024 is downloadable from the CD Foundation, authored by developer researcher SlashData, and sponsored by CloudBees, provider of a DevSecOps platform. The report also found that less-experienced developers adopt fewer devops practices and technologies, whi...
Info World
By Paul Krill Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code. Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to give a view of software ...
Info World
By Paul Krill The key benefits of platform engineering are increased developer productivity, better quality of software, reduced lead time for deployment, and more stable applications, according to Puppet by Perforce’s 2024 State of Devops Report: The Evolution of Platform Engineering. The report is based on a survey of 474 participants who work with a platform engineering team at their organizations. The survey was conducted in the summer of 2023. Other benefits cited include cost savings, reduced time for product development, reduced errors, and reduced risk of security breaches. “Security h...
Info World
By Paul Krill GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security customers. Launched March 20, code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said. GitHub Copilot AI is used to provide a code suggestion and explanation directly in the pull request. Code scanning autofix covers more than 90% of alert types in JavaScript, TypeScr...
Info World