Security News
Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. The decision to revoke the keys was taken after GitKraken's developer Axosoft notified Microsoft on September 28 that a bug in the keypair library's pseudo-random number generator led to duplicate RSA keys being generated.
The last year was challenging for every business sector, and none more than healthcare which was under enormous pressure to provide care while changing the way many services are delivered. According to data from a Redgate Software report, the importance of IT in enabling and facilitating that change has been key to success for the healthcare sector, with DevOps adoption, cloud use and cross-platform database development all increasing markedly.
JFrog has accelerated its efforts to provide security offering to support DevOps users as they respond to the disruption in the market for continuous software delivery. As part of the JFrog Platform, Vdoo will accelerate JFrog's vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices.
Aqua Security announces that Aqua Trivy is now the default scanner for GitLab Auto DevOps. "One of the primary reasons behind the default scanner change was the ease of use with Trivy compared to alternative open source scanner options," says Sam White, Sr. Product Manager at GitLab.
The company collaborated with 12 companies, including real estate market disruptor Compass, in private beta for six months to increase the speed of every continuous integration/continuous delivery process that runs on Bitrise. Bitrise selected a dozen of the world's most advanced mobile-first organizations to trial its second-generation platform before releasing it widely.
KubeSphere Community announced the general availability of KubeSphere 3.1.0. KubeSphere, as an app-centric distributed operating system running on top of Kubernetes, has further expanded its portfolio to deliver more robust experiences for users across the globe, enabling DevOps teams to run Kubernetes workloads where and when they want with ease and security.
You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. DevSecOps can't be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.
Cycode, an Israeli startup focused on securing DevOps tools, today announced that it has raised $20 million in Series A funding, which brings the total capital raised by the company up to $25 million. Founded in 2019, the Tel Aviv-based Cycode aims to provide visibility into source code, as well as the necessary means to detect anomalies and respond to them.
DevSecOps tools are enabling developers to release new code faster than ever - yet testing, code review and disagreements over who is in charge of security remain sticking points within organizational teams, according to GitLab's latest industry survey. Just over 84% of developers reported they were releasing code faster than before, with 57% reporting that code was being released twice as fast - a significant jump from last year's 35%. Nearly one in five said code was going out the door 10x faster.
With the Splunk Observability Cloud, IT and DevOps teams can get all their answers in a unified interface with metrics, traces and logs - all data collected in real-time, without sampling and at any scale. "The Splunk Observability Cloud helps IT and DevOps teams conquer complexity and accelerate cloud transformation for their organizations."