DevOps

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules

Application Security, automation, Bright, CISO, cybersecurity, DevOps, Don't miss, Features, Hot stuff, News, opinion, serverless, strategy, tips /

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules 2025-05-07 at 08:32 By Mirko Zorz Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares […]

React to this headline:

Loading spinner

Rethinking AppSec: How DevOps, containers, and serverless are changing the rules Read More »

Powerpipe: Open-source dashboards for DevOps

DevOps, Don't miss, GitHub, Hot stuff, News, open source, software /

Powerpipe: Open-source dashboards for DevOps 2024-11-12 at 07:03 By Help Net Security Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level dashboards offer an

React to this headline:

Loading spinner

Powerpipe: Open-source dashboards for DevOps Read More »

How to make Infrastructure as Code secure by default

code, cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, remediation, security standard, StackGen, threat detection /

How to make Infrastructure as Code secure by default 2024-09-13 at 07:46 By Help Net Security Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files. What can we to do make IaC secure by default? Security workflows for IaC

React to this headline:

Loading spinner

How to make Infrastructure as Code secure by default Read More »

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

cybersecurity, DevOps, DevSecOps, GitHub, GitLab, GitProtect.io, monitoring, News, penetration testing, Ransomware, report, social engineering, vulnerability management /

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security

React to this headline:

Loading spinner

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »

Maintaining human oversight in AI-enhanced software development

Artificial Intelligence, automation, code, cybersecurity, DevOps, Don't miss, Features, generative AI, Harness, Hot stuff, News, opinion, software development /

Maintaining human oversight in AI-enhanced software development 2024-07-03 at 07:31 By Mirko Zorz In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to ensure safe

React to this headline:

Loading spinner

Maintaining human oversight in AI-enhanced software development Read More »

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

Android, CVE, DevOps, Don't miss, Hot stuff, Java, JetBrains, Kotlin, News, software development, vulnerability /

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) 2024-06-11 at 15:46 By Zeljka Zorz JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the

React to this headline:

Loading spinner

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) Read More »

How to combat alert fatigue in cybersecurity

cybersecurity, DevOps, Don't miss, Features, framework, Hot stuff, News, opinion, Stamus Networks, strategy /

How to combat alert fatigue in cybersecurity 2024-05-28 at 07:31 By Mirko Zorz In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security tools, the prevalence of false

React to this headline:

Loading spinner

How to combat alert fatigue in cybersecurity Read More »

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

DevOps, Don't miss, Git, GitHub, Hot stuff, News, open source, security update, vulnerability /

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) 2024-05-16 at 14:16 By Zeljka Zorz New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed version

React to this headline:

Loading spinner

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) Read More »

How Google’s 90-day TLS certificate validity proposal will affect enterprises

AppViewX, automation, certificates, cybersecurity, DevOps, Don't miss, Encryption, Expert analysis, Expert corner, Google, Hot stuff, News, opinion, policy, risk assessment /

How Google’s 90-day TLS certificate validity proposal will affect enterprises 2024-04-11 at 08:01 By Help Net Security Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of

React to this headline:

Loading spinner

How Google’s 90-day TLS certificate validity proposal will affect enterprises Read More »

Using cloud development environments to secure source code

Cloud, code, Coder, cybersecurity, DevOps, Don't miss, Hot stuff, programming, software development, Video /

Using cloud development environments to secure source code 2024-03-21 at 07:01 By Help Net Security In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

React to this headline:

Loading spinner

Using cloud development environments to secure source code Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

Key areas that will define the intersection of AI and DevOps

Artificial Intelligence, Compliance, cybersecurity, DevOps, Don't miss, Eficode, framework, generative AI, Hot stuff, policy, regulation, Video /

Key areas that will define the intersection of AI and DevOps 2024-03-01 at 07:33 By Help Net Security Eficode research indicates that 96% of developers use AI tools, with most coders bypassing security policies to use them. With no standardized AI tool regulations, researchers advocate for stronger governance frameworks and AI security policies in organizations’

React to this headline:

Loading spinner

Key areas that will define the intersection of AI and DevOps Read More »

AI-driven DevOps: Revolutionizing software engineering practices

Artificial Intelligence, Codium AI, Compliance, cybersecurity, DevOps, Don't miss, Features, Hot stuff, News, opinion, programming, skill development, software development /

AI-driven DevOps: Revolutionizing software engineering practices 2024-02-28 at 07:04 By Mirko Zorz In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. Despite the benefits, challenges in incorporating

React to this headline:

Loading spinner

AI-driven DevOps: Revolutionizing software engineering practices Read More »

How to make developers accept DevSecOps

CISO, code, DevOps, DevSecOps, Don't miss, Hot stuff, News, skill development, software development /

How to make developers accept DevSecOps 2024-01-31 at 07:05 By Helga Labus According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only way to change it

React to this headline:

Loading spinner

How to make developers accept DevSecOps Read More »

Self-managed GitLab installations should be patched again (CVE-2024-0402)

DevOps, Don't miss, GitLab, Hot stuff, News, security update, software development, vulnerability /

Self-managed GitLab installations should be patched again (CVE-2024-0402) 2024-01-30 at 14:02 By Zeljka Zorz Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately. GitLab Inc. operates

React to this headline:

Loading spinner

Self-managed GitLab installations should be patched again (CVE-2024-0402) Read More »

Enhancing mainframe security with proven best practices

cybersecurity, Data Protection, DevOps, Don't miss, Hot stuff, hybrid cloud, mainframe security, network, open source, risk, Rocket Software, Video /

Enhancing mainframe security with proven best practices 15/11/2023 at 08:35 By Help Net Security Mainframe systems have served as the bedrock of enterprise networks for years, standing unmatched in terms of reliability, scalability, and data protection. However, security risks have become a pressing concern as the digital landscape evolves, emerging practices like DevOps, the rise

React to this headline:

Loading spinner

Enhancing mainframe security with proven best practices Read More »

Organizations lack the skills and headcount to manage Kubernetes

Artificial Intelligence, automation, CIO, Compliance, cybersecurity, DevOps, Kubernetes, News, patching, report, Spectro Cloud, survey /

Organizations lack the skills and headcount to manage Kubernetes 10/11/2023 at 07:02 By Help Net Security The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes management in response to increasing technology scale and complexity, according to Spectro

React to this headline:

Loading spinner

Organizations lack the skills and headcount to manage Kubernetes Read More »

Mainframes are around to stay, it’s time to protect them

Compliance, cybersecurity, data, DevOps, mainframe security, News, open source, report, Rocket Software, survey, vulnerability management /

Mainframes are around to stay, it’s time to protect them 01/11/2023 at 07:31 By Help Net Security While many organizations run their core business applications on the mainframe, IT leaders lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices, according to Rocket Software. For decades, mainframe

React to this headline:

Loading spinner

Mainframes are around to stay, it’s time to protect them Read More »

How to go from collecting risk data to actually reducing risk?

cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, remediation, Risk Management, Seemplicity, strategy, tips /

How to go from collecting risk data to actually reducing risk? 17/10/2023 at 08:17 By Help Net Security Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks

React to this headline:

Loading spinner

How to go from collecting risk data to actually reducing risk? Read More »

GenAI in software surges despite risks

Artificial Intelligence, code, cybersecurity, DevOps, Don't miss, generative AI, Hot stuff, open source, software, Sonatype, Video, vulnerability /

GenAI in software surges despite risks 03/10/2023 at 07:05 By Help Net Security In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders,

React to this headline:

Loading spinner

GenAI in software surges despite risks Read More »

Scroll to Top