DevSecOps
Why AI code assistants need a security reality check
In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development …
Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition …
Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s …
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating …
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every …
Applying DevSecOps principles to machine learning workloads
Protecting data and other enterprise assets is an increasingly challenging task, and one that touches nearly every corner of an organization. As the complexity of digital …
Zarf: Open-source continuous software delivery on disconnected networks
Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is …
6 keys to navigating security and app development team tensions
There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are …
Integrating software supply chain security in DevSecOps CI/CD pipelines
NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, …
How to make developers accept DevSecOps
According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the …
4 warning signs that your low-code development needs DevSecOps
Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will …
The must-knows about low-code/no-code platforms
The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have …
Featured news
Resources
Don't miss
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware
- Are we securing AI like the rest of the cloud?
- How exposure-enriched SOC data can cut cyberattacks in half by 2028
- Europe’s AI strategy: Smart caution or missed opportunity?