Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevSecOps

What SecOps Teams Can Expect in 2022

Traditionally, most organizations have had siloed departments wherein teams’ activities are highly separated and the objectives within organizational structures are divided. This operational methodology has brought about friction – especially within the IT department, where developers and ITOps lack collaboration.

Six Pillars of DevSecOps

DevOps and Security. One encourages speed, agility, iterative learning, enabling technology to keep up with the pace of business. The other wants to keep you safe, slows things down, crosses all the T's and dots all the I's. They seem to be at odds with one another — but do they need to be? DevSecOps says no, that’s not the way it has to be.

Secure DevOps on Microsoft Azure: Reduce Cloud & Container Risk

Microsoft Azure is a great choice for enterprises looking to quickly build and deploy apps to the cloud. However, cloud teams must simultaneously consider how to implement DevSecOps practices to reduce, manage and avoid risks. Sysdig is collaborating with Microsoft to simplify cloud and container security and deliver robust SaaS-based solutions for the Azure ecosystem.

Why DevSecOps is Going Passwordless

I talk to a lot of engineers every day. SREs. Systems Architects. Security Engineers. What I am hearing from them is that they are moving away from passwords — both in their personal lives, opting for more secure forms of authentication like biometrics and second factors, and at work. It just doesn’t make sense anymore to protect your personal bank with a second factor, but to share around an SSH key to access critical server infrastructure.

DevSecOps and Data Engineering

As security is adopted more in the shift left devsecops approach it brings with it a re-examining of the full SDLC. This is increasingly important not only as part of security policies and app handling but also ensuring the protection of infrastructure, data and end user app experiences. In this Snyk Live episode we are joined by Saman Fatima, sharing experiences around security practices and approach. Looking at DevSecOps practices like IAM and how security can apply to data engineering.

DevSecOps trend accelerates: CIOs are changing who is responsible for cybersecurity

CIOs are remaking the IT function — no longer will security and developer teams be siloed. Recent survey data from 451 Research, part of S&P Global Market Intelligence, and published by Elastic shows a major shift in who is using application security tools, suggesting that DevSecOps is not just an idea, but a growing reality for IT decision makers. IT decision-makers allocated application security tools to 48% of development teams in 2020, compared to just 29% in 2015.

SBOMs are the gifts that keep on giving.

The timing of CISA’s SBOM-a-rama today and tomorrow coincides with the fallout from the “vulnerability of the decade” gifting the industry with yet another example of why scaling and operationalizing the widespread use of SBOMs is so vital. Log4Shell is a 10/10 vulnerability in a hugely popular Java logging library – Log4j – used in virtually every online service. For two decades it was considered harmless, that is until last week when somebody found it wasn’t.

Glide to JFrog DevSecOps with the New Experience

We’re excited to share with you that we have launched a completely new way to start using the JFrog DevOps Platform that you – as a developer – will love. We’ve provided a super-easy, developer-friendly path to discovering how Artifactory and Xray can help you produce safer apps, faster, getting started through the command line shell and IDE that you use every day.