DevSecOps

The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects

2026-06-17 at 12:42 By Mirko Zorz

Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY, Chainguard, […]

7 hard truths security pros should know: 2026 DevOps Threats Report

2026-05-20 at 09:34 By Help Net Security

In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your

HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28 By Mirko Zorz

Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

One keypress is all it takes to compromise four AI coding tools

2026-05-08 at 01:14 By Mirko Zorz

Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you

Amazon sends AI agents into pen testing and DevOps

2026-03-31 at 20:31 By Sinisa Markovic

Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we secure and operate software. AWS Security Agent compresses penetration testing timelines from 2-6 weeks to

Betterleaks: Open-source secrets scanner

2026-03-19 at 09:02 By Anamarija Pogorelec

Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and

Your dependencies are 278 days out of date and your pipelines aren’t protected

2026-03-02 at 09:00 By Mirko Zorz

Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments. Across

Bandit: Open-source tool designed to find security issues in Python code

2026-01-21 at 08:04 By Sinisa Markovic

Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the

CISO Assistant: Open-source cybersecurity management and GRC

2026-01-14 at 13:25 By Mirko Zorz

CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to

StackRox: Open-source Kubernetes security platform

2026-01-08 at 08:31 By Anamarija Pogorelec

Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open source project sits in

Docker makes hardened images free open and transparent for everyone

2025-12-22 at 15:09 By Sinisa Markovic

Docker has made its open source Docker Hardened Images project available at no cost for every developer and organization. The catalog contains more than 1,000 container images built on open source distributions such as Debian and Alpine and is

cnspec: Open-source, cloud-native security and policy project

2025-11-24 at 08:32 By Sinisa Markovic

cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs

AI is rewriting how software is built and secured

2025-11-10 at 11:28 By Anamarija Pogorelec

AI has become part of everyday software development, shaping how code is written and how fast products reach users. A new report from Cycode, The 2026 State of Product Security for the AI Era, explores how deeply AI now runs

PortGPT: How researchers taught an AI to backport security patches automatically

2025-11-05 at 09:07 By Mirko Zorz

Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that

DefectDojo: Open-source DevSecOps platform

2025-10-08 at 09:39 By Anamarija Pogorelec

DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track and remove duplicate findings, handle remediation, and generate reports. Whether you’re a solo security practitioner or a CISO managing multiple teams, DefectDojo helps

How to Close the AI Governance Gap in Software Development

2025-09-05 at 18:14 By Matias Madou

Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversight. The post How to Close the AI Governance Gap in Software Development appeared first on SecurityWeek. This article is an excerpt

Five habits of highly secure development teams

2025-09-03 at 07:46 By Help Net Security

In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the

Making security and development co-owners of DevSecOps

2025-07-18 at 09:41 By Mirko Zorz

In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips on ownership

AI built it, but can you trust it?

2025-07-07 at 09:02 By Mirko Zorz

In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

Healthcare CISOs must secure more than what’s regulated

2025-07-03 at 09:05 By Mirko Zorz

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also