1Password, the human-centric security and privacy company, today announced a solution intended to help companies improve the way that they manage and secure infrastructure secrets throughout the development lifecycle. According to 1Password, the new features, including the CI/CD integrations and 1Password Shell Plugins, offer developers the opportunity to secure their code by managing keys, credentials, … continue reading
GitLab announced limited availability of GitLab Dedicated, a platform for securely and privately hosting and managing GitLab instances, which makes the company’s DevSecOps platform available as a single-tenant SaaS solution. It provides advanced features such as automated backups, high availability, and automation of operations. It also offers a managed environment for hosting and managing Kubernetes … continue reading
The automated testing company, Code Intelligence, today announced that its open-source Command-Line Interface tool, CI Fuzz CLI, now enables Java developers to include fuzz testing in their current JUnit setup. With this, Java developers can locate functional bugs as well as security vulnerabilities at scale. According to the company, CI Fuzz CLI leverages genetic and … continue reading
Snyk announced many innovations that extend the scope of the company’s Developer Security Platform during its SnykLaunch Fall 2022 event. This includes the general availability of Snyk Cloud, which offers tools to help fix software vulnerabilities such as a vulnerability scanner and a patch management system that was launched in July 2022 with limited availability. … continue reading
Google announced that it open-sourced several components for its secure operating system called KataOS as part of an effort to build verifiably secure systems for embedded hardware. Google Research aims to solve this problem by providing a secure platform optimized for embedded devices running ML applications. SeL4 is the microkernel for the project because it … continue reading
The team at the monitoring and security platform for cloud applications, Datadog, has announced the general availability of Datadog Continuous Testing. This helps developers and quality engineers create, manage, and run end-to-end tests for their web applications. This release is intended to simplify test creation in order to speed up software release cycles by providing … continue reading
Google has announced that it will be supporting passkeys on Android and Chrome. Passkeys are an authentication method that offers an alternative to passwords, and the technology was announced by Apple over the summer at its WWDC conference. For users, using a passkey is similar to confirming the use of a saved password by scanning … continue reading
Endor Labs has officially come out of stealth, launching the company with a Dependency Lifecycle Management Platform that is intended to help development and security teams maximize software reuse by evaluating, maintaining, and updating dependencies. The Endor Labs platform helps organizations manage their dependencies by offering them a deeper understanding of how they are being … continue reading
The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSS, welcomes it, he said there are some questionable requirements. The guide covers aspects of security such as how to … continue reading
The data security and privacy automation company LightBeam.ai today announced a new, free PrivacyOps Pro module in order to help organizations of varying sizes and industries meet specific requirements of international, national, and state data privacy laws. While new data privacy regulations are a step in the right direction for user safety, the disparate nature … continue reading
Application security company Veracode has announced that its Continuous Software Security Platform now supports container security. According to Veracode, containers suffer from a lot of the same issues as traditional physical or virtual server hardware. This includes things like poorly managed secrets and security misconfigurations, both of which are addressed by Veracode’s solution. Veracode also … continue reading
Low-code has many benefits, and they’ve been widely discussed in a number of articles here on SD Times, but one area in which they don’t really have an edge is security. It’s not that low code is more risky than traditional code, but the same risks are there, Jeff Williams, co-founder and CTO of Contrast … continue reading