A guide to DevSecOps tools
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. The Aqua Container Security Platform protects applications running on-premises or in the cloud, across a broad range of platform technologies, orchestrators and cloud providers. Aqua secures the entire … continue reading
How these companies can help make your applications more secure
Dror Davidoff, co-founder and CEO of Aqua Security Aqua Security enables enterprises to secure their container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security. Images serve as a container’s foundation, and developers can easily pull them from a centralized registry to run containers in … continue reading
Application security needs to shift left
As teams are pressured to release software more rapidly, more and more aspects of software development are being forced to “shift left,” moving up earlier in the development lifecycle. Because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought, said Rani Osnat, VP of … continue reading
What does it take to build a secure app by design?
We are entering a new stage of app development. While, until now, requirements for architecture were left to the discretion of companies, developers and their target audiences, recent legal changes in the European Union and the United States have brought a new player to the table: regulations. Most notably, the EU’s General Data Protection Regulation … continue reading
JFrog Xray 2.0 examines the CI/CD pipeline
JFrog has announced the latest release of its continuous security and universal artifact analysis solution. JFrog Xray 2.0 is designed to give DevOps teams insight into potential problems and the confidence to release into development, deployment and production stages. “Developers are incorporating an ever-growing number of artifacts from external and internal sources into their … continue reading
CA Technologies acquires SourceClear for its DevSecOps portfolio
CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability … continue reading
Has DevSecOps succeeded in what it was created to accomplish?
At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading
Why 2018 will be a breakout year for DevSecOps
From the WannaCry ransomware attack that resonated across the globe, to the massive Equifax breach and series of security mistakes that followed, 2017 saw a major uptick in cyberattacks, with no signs of slowing down. While each incident was unique, they all highlighted the complexity of applying security at scale. Wrangling the vast number of … continue reading
Developer training is the key to implementing security into DevOps, CA Veracode says
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment. According to Sonali Shah, VP of product management and marketing for CA Veracode, while the … continue reading
Chef announces InSpec 2.0 with new DevSecOps capabilities
Chef has announced the latest release of its compliance automation tool. InSpec 2.0 is designed to accelerate DevSecOps with cross-functional, infrastructure, security, assessment, and remediation features. “InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security … continue reading
Automating API security testing with a DevSecOps approach
There has been a lot of recent focus of shifting testing left, but a part of that which doesn’t get much attention is API testing. Akshay Aggarwal, CEO of PeachTech and founder and COO of Deja Vu Security, believes that companies can better manage API testing by approaching it in a DevSecOps way. It needs … continue reading
DevOps remains a competitive advantage
DevOps continued to dominate development teams and businesses throughout the year with organizations trying to reap the benefits. A Logz.io study found that despite DevOps being a well-known phenomenon, 50 percent of respondents are still in the process of implementing DevOps or have just implemented it within the past year. In the past year, many … continue reading
