Topic: devsecops

Progress acquires Chef to extend DevOps and DevSecOps offerings

Progress announced that it entered into a definitive agreement to acquire Chef to provide complete infrastructure automation to build, deploy, manage and secure applications in modern multi-cloud and hybrid environments, as well as on-premises.  Progress is set to acquire the company for $220 million in cash and is expected to close next month. “Chef has … continue reading

SD Times news digest: Checkmarx teams up with GitLab on DevSecOps, Google DevTools update, and Microsoft TileCode

Checkmarx has announced it will integrate its application security testing solutions directly into the GitLab pipeline.  Developers will now have access to automatic SAST and SCA security scans in the event of pull or merge requests, eliminating time-consuming manual scans and allowing developers to find and fix vulnerabilities earlier in the SDLC and make security assessments … continue reading

SD Times news digest: GrammaTech acquires JuliaSoft, Snyk announces prioritization capabilities, and TigerGraph makes updates to GSQL

Software assurance and cybersecurity company GrammaTech announced it will be acquiring code analysis company JuliaSoft. According to GrammaTech, the acquisition will help it expand the reach of the CodeSonar SAST platform to Java and C#. The new language support extends the automated detection of software vulnerabilities to enterprise use cases where safety and security are … continue reading

SD Times news digest: Cloud Security Alliance’s pillars of DevSecOps automation, dotData Stream, and Dynatrace announces AI observability for Kubernetes

The Six Pillars of DevSecOps: Automation paper published by the Cloud Security Alliance provides a holistic framework for facilitating security automation within DevSecOps as well as best practices. “It’s vital that today’s DevOps teams be agile, able to address user requirements dynamically, release features incrementally, and deliver at a faster pace than their predecessors and … continue reading

GitLab announces new acquisitions for its DevSecOps portfolio

GitLab announced two acquisitions this week focused on providing security to its platform. Peach Tech is a security firm that specializes in protocol fuzz testing and dynamic application security testing, and Fuzzit is a continuous fuzz testing solution. “Bringing the fuzzing technologies of Peach Tech and Fuzzit into GitLab’s security solutions will give our users … continue reading

Chef announces new integrated DevSecOps portfolio for compliance, desktop management and app delivery

Chef announced new capabilities designed to enable coded enterprises to build competitive advantage through automation and DevSecOps innovations.  “Since our last ChefConf, we have been intensely focused on harnessing our long experience in operating at massive scale and speed while enabling unprecedented ease of use,” said Barry Crist, the CEO of Chef. The new Chef … continue reading

Focused on application vulnerabilities? You’re missing the bigger picture

In today’s era of digital transformation, every organization must focus on application security. However, focusing on security vulnerabilities alone is unwise because it’s nearly impossible to prioritize what needs to be done. “DevOps teams are sitting in front of a table with the keys to the kingdom on their computers,” said Jake King, co-founder and … continue reading

4 DevSecOps mistakes to avoid

DevSecOps isn’t just a practice, it’s a continuous learning experience. If you want to be successful faster, avoid these common misconceptions. #1: Business as usual is good enough Cybercriminals are constantly changing their tactics. If your organization’s application security practices are static, they aren’t as robust as they should be. RELATED CONTENT:  How to get … continue reading

How to get DevSecOps right

DevOps and security teams are learning how to work together, albeit somewhat awkwardly in these early days of DevSecOps. One reason why it can be difficult to get the partnership “right” is that people define DevSecOps in different ways. “If you asked a room of 10 people to define DevSecOps, you’d get 15 definitions. I … continue reading

SD Times news digest: Microsoft previews dual-screen SDKs, CloudVector introduces free API observability tool, and Confluent Platform 5.4

Microsoft announced dual-screen preview SDKs as well as new web standards proposals to enable dual-screen experiences for websites and PWAs on both Android and Windows 10X. The preview SDK for Microsoft Surface Duo includes native Java APIs and an Android Emulator with a preview Surface Duo image that is integrated into Android Studio.  Additionally, Microsoft … continue reading

New open-source projects look to secure Kubernetes

Kubernetes security company Octarine has announced two new open-source projects designed to protect against cloud-native security vulnerabilities. The Kubernetes Common Configuration Scoring System (KCCSS) is a framework for rating security risks, and kube-scan is a workload and assessment tool.  “Our mission is to make the adoption of DevSecOps best practices simple, understandable, and achievable for … continue reading

Top considerations for DevSecOps to reduce security risk

To understand an enterprise’s current state of software security risk, executives, security practitioners and development teams need information. Benchmarks provide useful information on performance and risk. However, ideas about which benchmarks are most important will differ depending upon the corporate stakeholder to whom you’re speaking. For example, a business decision-maker has to justify the expense … continue reading

DMCA.com Protection Status