DevSecOps
Bandit: Open-source tool designed to find security issues in Python code
Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way …
CISO Assistant: Open-source cybersecurity management and GRC
CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a …
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, …
Docker makes hardened images free open and transparent for everyone
Docker has made its open source Docker Hardened Images project available at no cost for every developer and organization. The catalog contains more than 1,000 container images …
cnspec: Open-source, cloud-native security and policy project
cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and …
AI is rewriting how software is built and secured
AI has become part of everyday software development, shaping how code is written and how fast products reach users. A new report from Cycode, The 2026 State of Product …
PortGPT: How researchers taught an AI to backport security patches automatically
Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as …
DefectDojo: Open-source DevSecOps platform
DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track …
Five habits of highly secure development teams
In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development …
Making security and development co-owners of DevSecOps
In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. …
AI built it, but can you trust it?
In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He …
Healthcare CISOs must secure more than what’s regulated
In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed …
Featured news
Resources
Don't miss
- Okta users under attack: Modern phishing kits are turbocharging vishing attacks
- One-time SMS links that never expire can expose personal data for years
- More employees get AI tools, fewer rely on them at work
- Energy sector orgs targeted with AiTM phishing campaign
- Exposed training apps are showing up in active cloud attacks