Dynatrace Applies AI to Surface App Vulnerabilities

Source:-https://devops.com/ Dynatrace has added a security module to its observability platform that leverages its Davis artificial intelligence (AI) engine to automatically identify the software libraries and open source packages that represent the greatest security risk. Ajay Gandhi, vice president of product marketing for Dynatrace, said the Davis Security Advisor, made available as part of the Dynatrace Application Security Module, makes it easier for IT teams understand which vulnerabilities need to be remediated first. Davis Security Advisor aggregates vulnerability data in

Read more

Zettaset Announces Availability of XCrypt Kubernetes Encryption on the VMware Marketplace

Source:-https://www.streetinsider.com/ SAN FRANCISCO–(BUSINESS WIRE)– Zettaset a leading provider of data protection solutions, today announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments. Once validated, partners can easily publish their solutions for VMware customers across platforms. Customers will be able to access these third-party partner solutions directly from their cloud environments, while also being able to experience the convenience of features such as notifications,

Read more

GitLab Updates Approach to Integrating DevOps Workflows

Source:-https://devops.com/ GitLab today took the wraps off a major update to its continuous integration/continuous delivery (CI/CD) platform that embeds analytics tools in workflows to identify the root cause of inefficiencies, among other additional capabilities. David DeSanto, senior director for product management at GitLab, said that capability is part of an ongoing effort to include value stream analytics within the core GitLab 14 platform as an alternative to acquiring and deploying a separate platform. There are also additional charts and dashboards

Read more

Accurics Unveils GitLab Static Analysis Integration To Contextualize Risk Across The SDLC

Source:-https://www.businesswire.com/ PLEASANTON, Calif.–(BUSINESS WIRE)–Accurics, the cloud cyber resilience specialist, today announced a technology partnership with GitLab, a single application for the DevOps lifecycle, as well as the general availability of its integration with GitLab’s Static Application Security Testing (SAST) solution. Accurics leverages the integration with GitLab to provide DevSecOps teams with a holistic, contextualized view of application and infrastructure risks. Organizations can now establish and programmatically enforce consistent risk management policies throughout the Software Development Lifecycle (SDLC) while minimizing the

Read more

Majority of Orgs Lack Visibility Into Container Vulnerabilities

Source:-https://devops.com/ Today’s blend of third-party application dependencies and polyglot software development often makes assessing risk difficult. With many new cloud-native deployment models, it can be tricky to discover potential vulnerabilities. These threats take the form of insecure default settings in Kubernetes, over-permissive states, CVEs that threaten container integrity, and other vulnerable conditions. Plugging gaps throughout the cloud-native strata is now crucial to avoid exposing data and breaking privacy regulations. Yet, gaining visibility into these holdings is challenging, and traditional application

Read more

Accurics Aligns DevSecOps Platform With GitLab

Source:-https://devops.com/ Accurics today announced it has integrated its tool for discovering violations of security policies that occur when developers provision infrastructure as code with both the continuous integration and continuous delivery (CI/CD) platform and the static application security assessment testing (SAST) tools from GitLab. Om Moolchandani, chief information and security officer (CISO) and CTO for Accurics, said both integrations make it easier for developers to discover security issues earlier as part of a DevSecOps workflow using the company’s Terrascan tools.

Read more

Fixing Risk Sharing With Observability

Source:-https://devops.com/ Incentives are mismatched among SREs, SecOps, and application developers. These mismatches create challenges around how and what information is shared across siloed teams. This asymmetrical information creates a moral hazard where one team can shift deployment risk to another team, with no accountability back to the originating team. Risk shifting results in unstable applications, inefficient infrastructure, security issues and poor customer experience. All of that impacts your company’s bottom line. Closing the Information Gap Observability is positioned as a

Read more

GitLab Positioned in the Challengers Quadrant of the 2021 Magic Quadrant for Application Security Testing

Source:-https://www.globenewswire.com/ SAN FRANCISCO, June 03, 2021 (GLOBE NEWSWIRE) — GitLab Inc., the company that offers the single application for the DevOps lifecycle, today announced it has been positioned by Gartner in the Challengers quadrant of the Magic Quadrant for Application Security Testing. “We are thrilled to be recognized by Gartner as a Challenger in the 2021 Magic Quadrant for Application Security Testing report and excited to see what we believe to be validation of our unique and holistic approach to

Read more

Just 3% of organizations have real-time visibility into runtime vulnerabilities

Source:-https://www.securitymagazine.com/ Software intelligence company Dynatrace announced the findings of an independent global survey of 700 CISOs, which reveals the rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security. As organizations shift more responsibility “left” to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that

Read more

The Heise webinar series: DevOps in practice

Source:-https://marketresearchtelecast.com/ In June, July and August, Heise offers a webinar series DevOps in practice a practical introduction to the world of modern container technology. In a total of 20 hours, participants learn how to use continuous delivery pipelines. In addition, you will learn how to implement test automation, create the right corporate culture for DevOps, integrate security into the development process via DevSecOps and implement continuous deployment with GitOps. The webinars are headed by the renowned experts Konstantin Diener, Christian

Read more

DevSecOps: Ensuring Continuous Cloud Security And Compliance

Source:-https://nerdsmagazine.com/ What is DevSecOps? Briefly, DevSecOps (which stands for Development, Security, and Operations) refers to integrating security at every phase of software development. From the initial design of the product to development stages such as integration, testing, deployment, and delivery, security is tested at every stage of the process. Earlier, the security of the software was tacked on at the end of the process. A security team would integrate security processes once the software was ready to be delivered. Then,

Read more

Announcing the New Open Source Project Yor, Dynamic and Automated Cloud Infrastructure Tagging

Source:-https://www.prnewswire.com/ SANTA CLARA, Calif., May 27, 2021 /PRNewswire/ — Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today announced the release of Yor, an open-source tool that automatically tags cloud resources within infrastructure as code (IaC) frameworks Terraform, AWS CloudFormation, and Serverless Framework YAML. Yor automates the tedious work of manually tagging cloud resources, helps security teams trace security misconfigurations from code to cloud, and enables highly effective GitOps across all major cloud providers. “Effective infrastructure tagging is critical

Read more

DevOps vs. Agile Development: What Methodology Is Right For You?

Source:-https://biztechmagazine.com/ That collaboration can take many forms, and for the uninitiated, approaches such as DevOps or agile development can be hard to grasp at a high level — and they may seem like the same thing. But while they may do similar things, agile and DevOps have some notable differences, and their greatest power may emerge when they come together in one cultural piece. What Is Agile Development? First codified during a 2001 meeting at a ski resort in Utah,

Read more

Getting Started With Continuous Monitoring

Source:-https://devops.com/ DevOps continues to gain traction among organizations as demand grows for digital product and platform development. According to Gartner, 87% of business leaders believe digitalization is a priority. Every DevOps transformation requires a dedicated, continuous learning process and effective implementation to reach maturity. If a practice or pattern is passed over or ignored, it can put a damper on DevOps success. Continuous monitoring, for example, is a very important part of every DevOps life cycle that is often overlooked.

Read more

Latest VMware Acquisition to Strengthen Modern App Security

Source:-https://www.channelfutures.com/ VMware is buying Mesh7. The virtualization giant’s latest acquisition secures cloud-native applications and microservices by monitoring application behavior at the API layer. The acquisition is part of VMware‘s efforts to make modern applications more secure. Once the deal closes, the Mesh7 technology will enable VMware to bring visibility, discovery and better security to APIs. Mesh7 API Security Mesh provides application and API layer visibility to remove any blind spots within distributed and cloud-native application environments. It does so in

Read more

The Importance of Incorporating DesignOps Into DevOps

Source:-https://devops.com/ Design is a critical software project element that often goes unnoticed by those writing code. After all, coders and implementers tend to take the design process for granted and leave the look and feel of applications to the designers. In the days of waterfall based development, design was one of the first steps in the development sequence of creating a new application. However, with Agile and DevOps development practices, design became disconnected from the overall process. “If you look

Read more

GitGuardian Reports Careless Handling of Application Secrets

Source:-https://devops.com/ A new report, the 2021 State of Secrets Sprawl on GitHub, published today by GitGuardian, a provider of a tool for monitoring usage of application secrets, suggests developers are not especially good at keeping those secrets safe. Based on an analysis of every single commit made to GitHub, the report finds there has been a 20% year-over-year increase in the number of secrets – such as application programming interface (API) keys, private keys, certificates, usernames and passwords – discovered

Read more

Kubernetes is a Perfect Fit With DevOps Culture

Source:-https://containerjournal.com/ In my article, 9 Pillars of Engineering DevOps With Kubernetes, I explain that collaborative culture is a core pillar of well-engineered DevOps. DevOps favors cultures that are highly collaborative, continuous learning environments with most work arranged within small cross-functional teams that have short communication paths and shared accountabilities. No technology, not even one as popular as Kubernetes, will achieve success with DevOps without the right culture. I said in my book, “Engineering DevOps,” that culture is a door to

Read more

Polyverse partners with Arganteal to provide automated DevSecOps

Source:-https://www.einnews.com/ BELLEVUE, WA, USA, March 9, 2021 /EINPresswire.com/ — Polyverse, the computer industry’s leading provider of zero trust cybersecurity solutions, today announced that it has partnered with Arganteal to provide secured, automated DevSecOps orchestration for the rapid deployment and configuration of networks, infrastructure and applications in legacy or virtual environments. Arganteal synthesizes DevSecOps orchestration scripts, and can automate the tedious projects that routinely occupy expensive subject-matter experts. Arganteal works with any API, any platform, and any scripting language. By harnessing

Read more

From Agile to DevOps to DevSecOps: The Next Evolution

Source:- https://devops.com/ As the workforce shifts to remote locations, networks are becoming more diffuse as the edge gets farther away. At the same time, the number of devices and applications on those networks continues to rise. Some estimates suggest that, by 2030, there will be 15 connected devices for every person on the planet. The rapid expansion of the remote workforce and their associated application needs has created a significant challenge for both application developers and the IT professionals tasked

Read more
1 2 3 15