Security News

Powerpipe: Open-source dashboards for DevOps
2024-11-12 05:00

Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter...

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
2024-05-24 10:35

Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks...

Key areas that will define the intersection of AI and DevOps
2024-03-01 05:30

Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations' DevOps strategies to encompass the challenges and opportunities AI presents.

AI-driven DevOps: Revolutionizing software engineering practices
2024-02-28 05:00

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. How is AI integrated into DevOps practices, and what are the most significant changes you've observed in software development processes?

Barriers preventing organizations from DevOps automation
2023-10-03 03:00

Organizations prioritize DevOps automation investments. The biggest barriers preventing organizations from automating new DevOps use cases are security concerns, difficulty operationalizing data, and toolchain complexity.

Securing GitHub Actions for a safer DevOps pipeline
2023-10-02 04:30

Misconception #1: GitHub Actions security only means using SCA, SAST tools in CI/CD. When people think about GitHub Actions security, their first thought is about adding security tools, like SCA and SAST tools, in the CI/CD pipeline. GitHub Actions security also extends to securing the CI/CD servers on which GitHub Actions run.

Generative AI lures DevOps and SecOps into risky territory
2023-09-15 03:30

According to the surveyed DevOps and SecOps leaders, 97% are using the technology today, with 74% reporting they feel pressure to use it despite identified security risks. While DevOps and SecOps respondents hold similar outlooks on generative AI in most cases, there are notable differences with regards to adoption and productivity.

Understanding the interplay between DevOps productivity and security
2023-06-22 04:00

Not only are macroeconomic headwinds causing more significant stress for security and DevOps teams, but the increasing number of threats against shrinking teams is causing an uneven playing field. In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, discusses improving DevOps productivity with a focus on security.

Microsoft, GitHub announce application security testing tools for Azure DevOps
2023-05-24 10:54

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
2023-02-28 01:40

LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.