The use of APIs has skyrocketed over the years and with organizations using so many different types of APIs on a normal basis, API management has become essential for managing the API attack surface. Fifty-one percent of respondents said that more than half of their organizations’ development effort is spent on APIs—compared with 40% of … continue reading
The API security and observability company, Traceable AI, today announced that its API Security Testing solution in its API Security Platform is now generally available. This allows users to test any API in pre-production for vulnerabilities, accuracy, reliability, and security. According to the company, this release ensures that all APIs are aligned with the highest … continue reading
Styra, the company behind Open Policy Agent (OPA), has announced a new solution for scanning configuration files for errors. The new feature, Repo Scan, is included as part of Styra Declarative Authorization Service (DAS). According to Styra, cloud components and platforms like AWS, GCP, and Microsoft Azure are governed and controlled by automated tooling, and … continue reading
Copado, the low-code DevOps company, today launched a new DevSecOps training module in order to make software releases faster and more secure. The module is currently available in the Copado Community. “Without DevSecOps best practices, software releases can be plagued with quality and security issues, costing more time and money post-production to correct them,” said … continue reading
Cloudera announced the launch of Cloudera Data Platform (CDP) One, an all-in-one data lakehouse software for analytics and exploratory data science. The service has built-in enterprise security and machine learning that requires no security or monitoring operations staff, helping companies move to cloud computing for analytics and data. “Empowering everyone in your business to get … continue reading
Almost any company writing software today understands and glorifies the concept of Minimum Viable Product. Creating something that is just good enough for customers to successfully use it is enshrined as the most parsimonious path to profits. MVP has over time taken on additional freight as a general term connoting faster time-to-market for features or … continue reading
Checkmarx API Security was launched to empower the partnership between the developer and AppSec teams of an organization and is delivered as part of the Checkmarx One application security platform. Because APIs are used to access data and to call application functionality, they are easily exposed but difficult to defend which creates a large and … continue reading
Checkov, the open-source tool for finding infrastructure misconfigurations, has been updated with new CI/CD configuration policies. These policies can be applied across popular CI/CD frameworks like GitHub Actions, GitLab Runners, BitBucket Pipelines, CircleCI, and Argo. Checkov has a developer-first approach to supply chain security, so it embeds these CI/CD policies directly into existing DevOps workflows … continue reading
Harness Security Testing Orchestration (STO) was launched today to help businesses deliver value quicker by increasing velocity and security in deployments. The tool automates security scanning and governance in the software delivery process. Although DevSecOps gets rid of many late-stage security concerns, it also forces developers to balance quality and speed at which to deliver … continue reading
The team at Opsera, the Continuous Orchestration platform for DevOps, today announced the release of Opsera GitCustodian. This new solution is intended to alert security and DevOps teams of vulnerable data found in source code repositories so that they can prevent vulnerabilities from making it to production. GitCustodian also works to automate the remediation process … continue reading
As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading
When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading
