GitLab has unveiled GitLab 17, a major update of its devsecops platform that brings a CI/CD catalog of reusable pipeline components and an AI impact dashboard. The company also announced GitLab Duo Enterprise, an AI-powered assistant that helps detect vulnerabilities…
Category: InfoWorld Security
GitLab unveils GitLab 17, AI for devsecops
GitLab has unveiled GitLab 17, a major update of its devsecops platform that brings a CI/CD catalog of reusable pipeline components and an AI impact dashboard. The company also announced GitLab Duo Enterprise, an AI-powered assistant that helps detect vulnerabilities…
12 principles for improving devsecops
I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing…
7 application security startups at RSAC 2024
The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security…
7 application security startups at RSAC 2024
The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security…
GitHub takes aim at software supply chain security
GitHub has introduced Artifact Attestations, a software signing and verification feature based on Sigstore that protects the integrity of software builds in GitHub Actions workflows. Artifiact Attestations is now available in a public beta. Announced May 2, Artifact Attestations allows…
Does cloud security have a bad reputation?
The recent discourse around the security of cloud computing in the banking sector, highlighted by Nicholas Fearn’s piece in the Financial Times, paints a somewhat grim picture of the cybersecurity landscape when it comes to banks moving to cloud computing.…
Understanding Microsoft’s Trusted Signing service
How do we ensure that the code we’re installing is, at the very least, the code that a vendor shipped? The generally accepted solution is code signing, adding a digital signature to binaries that can be used to ensure authorship.…
Java services hit hardest by third-party vulnerabilities, report says
Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog. Released on April 17, the report found that 90% of Java services were susceptible to one or…
Most developers have adopted devops, survey says
As of the first quarter of 2024, 83% of developers were involved in devops-related activities such as performance monitoring, security testing, or CI/CD, according to the State of CI/CD Report 2024, published by the Continuous Delivery (CD) Foundation, a part…