DevSecOps is the DevOps community’s approach to bringing security into the development lifecycle. Businesses want to deliver software, but cannot afford to release unreliable or insecure applications, so security needs to be baked in much sooner than it has traditionally been.
DevSecOps shifts security ‘left’ to find and fix vulnerabilities earlier in the software development life cycle. It keeps the benefits of DevOps, such as developing, deploying and delivering new features at a rapid pace, and adds a more proactive approach to identifying and addressing bugs in real time, which brings security risks down significantly.
Just as with DevOps, culture will remain a barrier to a successful DevSecOps solution. In addition to bringing the development and operations teams together, organizations now need to figure out how those teams can work with the security team towards the same goals and objectives. Bringing the security team in sooner will help them understand the code and work with the development team in a more productive manner.
Developers, and the software they develop, are the most popular attack vector for today’s hackers and bad actors. The many development tools and processes, not to mention thousands of open-source libraries and binaries, all introduce opportunities for malicious or even accidental injection of risk across the entire software supply chain. In response to this expanding …
GitLab announced limited availability of GitLab Dedicated, a platform for securely and privately hosting and managing GitLab instances, which makes the company’s DevSecOps platform available as a single-tenant SaaS solution. It provides advanced features such as automated backups, high availability, and automation of operations. It also offers a managed environment for hosting and managing Kubernetes …
Snyk announced many innovations that extend the scope of the company’s Developer Security Platform during its SnykLaunch Fall 2022 event. This includes the general availability of Snyk Cloud, which offers tools to help fix software vulnerabilities such as a vulnerability scanner and a patch management system that was launched in July 2022 with limited availability. …
Tel Aviv, Israel, September 29, 2022 — Ox Security, the end-to-end software supply chain security platform for DevSecOps, exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital. OX was founded less than a year ago by Neatsun Ziv and Lior Arzi, …
CloudBees acquired the ReleaseIQ DevOps Platform to expand the company’s DevSecOps capabilities and to empower customers with a low-code, end-to-end release orchestration and visibility solution. The SaaS offering enables DevOps organizations to compose and analyze workflows, and also orchestrate a combination of CI/CD technologies including Jenkins without the need to migrate or replace. “The decision …
The API security and observability company, Traceable AI, today announced that its API Security Testing solution in its API Security Platform is now generally available. This allows users to test any API in pre-production for vulnerabilities, accuracy, reliability, and security. According to the company, this release ensures that all APIs are aligned with the highest …
Copado, the low-code DevOps company, today launched a new DevSecOps training module in order to make software releases faster and more secure. The module is currently available in the Copado Community. “Without DevSecOps best practices, software releases can be plagued with quality and security issues, costing more time and money post-production to correct them,” said …
Checkmarx API Security was launched to empower the partnership between the developer and AppSec teams of an organization and is delivered as part of the Checkmarx One application security platform. Because APIs are used to access data and to call application functionality, they are easily exposed but difficult to defend which creates a large and …
The developer security company, Snyk, today announced the launch of its comprehensive cloud security solution, Snyk Cloud. This extends the company’s existing developer security platform, enabling more organizations to embrace DevSecOps and facilitate collaboration between developers, operations, security, and compliance teams. According to Snyk, this release allows global developers to take full ownership of their …
As security continues to shift left and DevSecOps efforts expand, software security best practices are rapidly evolving. The State of Software Security Report conducted by the application security company Veracode, showed that on average, organizations are running scans on their apps 20 times more than they were just 10 years ago. With this, the report …
For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone. Having all of these connected devices that don’t live under one network expands the …
The following is a listing of DevSecOps tool providers, along with a brief description of their offerings. Bridgecrew by Prisma Cloud automates security from code to cloud. By embedding earlier in the DevOps lifecycle, Bridgecrew enables developers to write secure code without slowing them down. In addition to its DevSecOps tools and integrations, Bridgecrew’s platform …