Application Security
Application Security | News, how-tos, features, reviews, and videos
JFrog Curation blocks malicious open source software packages
DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use.
Golang vulnerability checker flags Go vulnerabilities
Govulncheck is a command-line utility that uses the Go vulnerability database to identify known vulnerabilities in Go source code and Go binaries.
GitLab Dedicated offers single-tenant, SaaS-based devsecops
Service hosted and managed by GitLab is geared to users with strict compliance requirements such as isolation, data residency, and private networking.
7 key features for Kubernetes and container security
Uptycs combines threat detection for Kubernetes and container runtimes, along with automated registry scanning and Kubernetes hardening checks. Here are the highlights.
AppMap: A map to reduce developer toil
Open-source AppMap brings runtime code analysis into the developer’s code editor, providing the feedback needed to address performance and security issues during development and reduce code rework.
How to reduce your devops tool sprawl
After a decade of software development and operations teams embracing every ‘right tool for the job,’ it’s time to start tool consolidation efforts. Here’s where to start.
Sigstore: Roots of trust for software artifacts
Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPI, verifying the integrity of more than a million open source packages.
A practical guide to React Native authentication
Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your users’ privacy, but also improves the user experience.
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
Snyk bolsters developer security with fresh devsecops, cloud capabilities
Snyk aims to boost security support for developers across their software supply chains with coding, cloud and devsecops enhancements.
Splunk adds new security and observability features
New security and observability features will be added to Splunk Mission Control and its Observability Cloud to identify threats and incidents more efficiently, the company said.
Cybersecurity startup Oligo debuts with new application security tech
An Israeli startup targets open source code vulnerabilities with advanced agentless filtering technology.
How multicloud changes devops
More clouds, more complexity, more challenges. Now’s the time to prepare for the impact multicloud will have on your devops teams.
C++ creator Bjarne Stroustrup defends its safety
US National Security Agency recommends using memory-safe programming languages instead of C/C++ when possible, because hackers frequently exploit memory issues.
Canonical security subscriptions for Ubuntu Linux now available
Security maintenance service for Ubuntu LTS releases offers CVE protection and security updates for some 23,000 packages beyond the main OS.
What is DevSecOps? Securing devops pipelines
DevSecOps evolves devops concepts with tools and practices that embed security in every layer of the software development life cycle. Here's why more companies are embracing DevSecOps.
Qualys previews TotalCloud FlexScan for multicloud security management
Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.
Azul detects Java vulnerabilities in production apps
Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.