Topic: security

NIST publishes new draft framework for integrating supply chain security into CI/CD pipelines

The National Institute of Standards and Technology (NIST) published a new draft document that outlines strategies for integrating software supply chain security measures into CI/CD pipelines. Cloud-native applications typically use a microservices architecture with a centralized infrastructure like a service mesh. These applications are often developed using DevSecOps, which uses CI/CD pipelines to guide software …

SD Times Open-Source Project of the Week: Contrast Security Generative AI Policy

The main goal of this project created by Contrast Security is to create a clear and usable policy for managing privacy and security risks when utilizing Generative AI and Large Language Models (LLMs) in organizations, according to the project’s GitHub page. The policy primarily aims to address several key concerns: 1. Avoid situations where ownership …

CNCF’s Notary and Notation projects get major update

Notary, the CNCF project that provides cross-industry standards for supply chain security, has announced a major release. This brings both the Notary Project and Notation Project to version 1.0.0. Notation is a sub-project that implements Notary specifications. Included in this release are an OCI signature specification, OCI COSE signature envelope, OCI JWS signature envelope, OCI …

Sonatype Drives Intelligent Software Security with New Product Enhancements

Fulton, Md., Aug. 21, 2023 (GLOBE NEWSWIRE) — Sonatype, the pioneer of software supply chain management, has announced new product capabilities for Sonatype Repository Firewall, Sonatype Nexus Repository and Sonatype Lifecycle. Bolstering Sonatype’s industry-leading software supply chain management platform, these enhancements are designed to give organizations greater control of their software development life cycle (SDLC) while meeting the evolving needs …

Simplify security testing from end-to-end

As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of …

Google has added new privacy features in Search

Google announced that it is rolling out new tools and protections to help users stay in control of their personal information, privacy, and online safety. The “Results about you” tool has been updated and enhanced, enabling users to better manage their personal contact information on Google Search. It alerts users when their contact information appears …

Sonar’s new SAST tool includes support for thousands of open-source libraries

The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added …

Synopsys Software Risk Manager aims to simplify security and testing strategies

Synopsys is working to make it easier for security teams to align their strategy across different projects, teams, and application security testing (AST) tools. They have released the Synopsys Software Risk Manager, which brings together security testing engines with policy-driven test orchestration and vulnerability management. According to Synopsys, Software Risk Manager allows teams to centrally …

Palo Alto Networks announces CI/CD security features

Palo Alto Networks unveiled its CI/CD Security module which aims to offer comprehensive software delivery pipeline security integrated into code-to-cloud capabilities within Prisma Cloud’s CNAPP platform. Prisma Cloud focuses on safeguarding the CI/CD environment and effectively shielding against potential open-source vulnerabilities using software composition analysis, according to the company in a blog post. “A major …

Rust Foundation outlines many improvements to the language’s security structure

The Rust Foundation outlined many improvements to the security structure of the language and expressed its commitment to developing tools, features, and recommendations based on security research in its Security Initiative Report. The Rust advancements follow the White House’s National Cybersecurity Strategy Implementation Plan that signals a deep civic investment in more secure programming languages like …

Allstacks Renews SOC 2 Certification, Demonstrating Data Security of the Value Stream Intelligence Platform

RALEIGH, NC – July 26, 2023 – Allstacks, a leader in value stream intelligence, today announced that it has successfully renewed a Type 2 Service Organization Control (SOC 2) examination conducted by an independent auditor. The audit demonstrated that the Allstacks platform meets specific criteria for guarding the data security of its clients and their customers. SOC …

JFrog Curation identifies high-risk packages and compliance issues

JFrog has announced the introduction of JFrog Curation, an automated DevSecOps solution designed to thoroughly inspect and block contaminated open-source or third-party software packages and their respective dependencies before they enter a company’s software development environment. JFrog Curation, which is integrated with JFrog Artifactory, uses binary metadata for the identification of high-risk packages with high-severity …