A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found that 73% of security teams at organizations are forced to cut corners, and that the AppSec tools they use serve to check the box towards DevSecOps improvements and are not used effectively. “There are …
GitHub has announced that its code scanning feature is now available. The new code scanning capability scans code as it is created and provides reviews within pull requests and other GitHub experiences. This automation of security helps ensure that vulnerabilities never make it to production, the company explained. Code scanning integrates with GitHub Actions and …
The Ruby 3.0 preview 1 introduces new features and performance improvements such as the ‘rbs’ gem, which allows parsing and processing type definitions written in RBS. Additionally, the preview has a Ractor experimental feature, with which developers can make multiple Ractors and run them in parallel. ‘Thread#scheduler’ is introduced for intercepting blocking operations. This allows …
Snyk is looking to bolster its security platform with the acquisition of DeepCode, a provider of real-time semantic code analysis. Through its AI-powered platform, DeepCode is able to assist developers with app quality and security. According to Snyk, the addition of DeepCode will add to its existing open-source security, container security and infrastructure as code …
Microsoft has announced new ways for Windows developers to build applications. The company announced it is working on a unified app platform that will enable developers to leverage new and existing code. With Project Reunion, the company is working to unify access to Win32 and UWP APIs. “We will provide a common platform for new …
Making security easy for developers, in their preferred tools, while still generating reports for the CISO is a challenge many organizations face today, when the reality is that late-stage security approaches can’t plug vulnerabilities deep within applications. Yet putting the onus squarely on developers is a gamble, as many aren’t knowledgeable about certain kinds of …
erwin has announced the launch of a new cloud migration and data governance suite. The new suite, erwin Cloud Catalyst, helps organizations quickly and safely migrate their data from legacy, on-premise databases to the cloud and then govern those data sets throughout their lifecycle. erwin Cloud Catalyst is comprised of erwin Data Modeler (erwin DM), …
Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place. The use of Kubernetes and Containers has skyrocketed in recent years. …
GraphQL database company Dgraph has announced the release of Slash GraphQL, a fully-managed GraphQL backend service for building GraphQL apps. According to the company, Slash GraphQL features custom logic and access to remote HTTP endpoints, the ability to run graph queries, integration with remote GraphQL servers, and more. “Dgraph is unique: it’s the only native GraphQL …
Sonatype: The company’s Nexus Platform automatically enforces open-source governance and controls risk across every phase of the SDLC. Fueled by Nexus Intelligence which includes in-depth security, license, and quality information on millions of open-source components across dozens of ecosystems, the platform precisely identifies open-source risk and provides expert remediation guidance, empowering developers to innovate faster. …
Brian Fox, CTO of Sonatype: Today, more than 1,200 companies rely on the Nexus platform to unite software developers, security professionals, and IT operations on the same team so they can continuously identify and remediate open-source risk, without slowing down innovation. When speed is critical, Nexus ensures that controls keep pace and that innovation prospers. …
Security has become ever more important in the development process, as vulnerabilities last year caused the 2nd, 3rd and 7th biggest breaches of all time measured by the number of people that were affected. This has exposed the industry’s need for more effective use of security tooling within software development as well as the need …