Security News

DevSecOps tools are enabling developers to release new code faster than ever - yet testing, code review and disagreements over who is in charge of security remain sticking points within organizational teams, according to GitLab's latest industry survey. Just over 84% of developers reported they were releasing code faster than before, with 57% reporting that code was being released twice as fast - a significant jump from last year's 35%. Nearly one in five said code was going out the door 10x faster.

With the Splunk Observability Cloud, IT and DevOps teams can get all their answers in a unified interface with metrics, traces and logs - all data collected in real-time, without sampling and at any scale. "The Splunk Observability Cloud helps IT and DevOps teams conquer complexity and accelerate cloud transformation for their organizations."

Amazon Web Services announced the general availability of Amazon DevOps Guru, a fully managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation. When Amazon DevOps Guru analyzes system and application data to automatically detect anomalies, it also groups this data into operational insights that include anomalous metrics, visualizations of application behavior over time, and recommendations on actions for remediation-all easily viewable in the Amazon DevOps Guru console.

Styra announced new compliance packs for its Declarative Authorization Service, which include MITRE ATT&CK Matrix for enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams. These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.

Saltworks announced a partnership with Secure Code Warrior to elevate the importance and accessibility of secure code education and skills development. Given the software industry's increased focus on integrating AppSec into DevOps processes, the Secure Code Warrior partnership is a proof point of Saltworks' holistic approach that empowers developers to author error-free code and deliver secure applications from policy to production.

Using Terraform, an open source IaC tool developed by Hashicorp, to provision infrastructure provides many benefits to the management and operations of your environment. Its versatility, declarative language, and the productivity gains of using the same Infrastructure as Code tooling across multiple cloud providers have made Terraform one of the most popular tools for infrastructure provisioning.

IBM announced a series of new and updated capabilities for developers designed to deliver intelligent application analysis throughout the DevOps pipeline, generally available on March 19. To help clients unlock the value of DevOps across the enterprise, and help reduce risk around application modernization, IBM is announcing new IBM Wazi Analyze capabilities to help bring IBM Z into the DevOps pipeline, unlocking uniform, enterprise-wide agile delivery processes and standards with transferable skills for non-Z developers.

"Successful DevOps depends on the right mix of processes, technology, culture, and risk mitigation in an organization's software assembly line," said Al Sadowski, Effectual SVP Product Management. "One of our key platform design principles was to ensure that security and compliance are baked into every phase of the DevOps lifecycle."

xMatters announced new feature advancements designed to facilitate a data-driven DevOps approach to incident resolution. New pre-built automation steps further streamline the incident resolution process so managers can quickly add notes and assign severity or priority levels to an incident.

Nearly three quarters of organizations have now adopted DevOps in some form, cross-platform database use has risen markedly and, significantly, IT teams have remained remarkably productive despite working remotely. "It helped to accelerate our understanding of the ways IT teams can cooperate and continue to develop applications and databases when taking a remote-first approach. That, in turn, has accelerated further the take-up of DevOps, the use of multiple database platforms for different use cases, and the move to the cloud."