3 Key Considerations for DevOps Automation
If you’re considering increasing your company’s reliance on DevOps automation, here is a 3-step thought process to automate your mindset.
Choose Your Type
Choose Your Topic
Our Latest Content
Software Development Life Cycle: Finding a Model That Works
This article identifies the phases of the SDLC (software development life cycle) and its main models: Waterfall and Agile.
Leading the Transformation
Digital transformation has been occurring in organizations of all sizes for the past few years, yet the process isn’t moving fast enough to move the needle in many companies. How can DevOps help increase the velocity and impact of digital transformation? This panel webinar discusses the relationship between DevOps and digital transformation and ways organizations...
What Going All-Remote Taught Us About Appsec and Testing Shortfalls
The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm. While conferencing such as Zoom are widely known for substituting for face-to-face meetings, it’s much less appreciated how the disruption has increased asynchronous communication approaches as people are not always...
Secure Coding: A Practical Guide
Poor coding is one of the main reasons for data breaches. Secure coding practices must be used to maintain a secure application.
AppSec: Pushing Left, Like a Boss
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red...
From Dev to DevSec: How to transform developers into security rockstars
Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have their strengths and weaknesses, the streamlining and red tape they often bring can feel like a hindrance to a developer’s main goal of building great software. So how do we shift secure thinking...
DevSecOps vs. SecDevOps: A Rose by Any Other Name?
The terms DevSecOps and SecDevOps are often used interchangeably. Is there any real difference between them? Let’s explore whether there’s a difference.
How to Implement Security at the Speed of DevOps
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact – many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product...
May Open Source Security Vulnerabilities Snapshot
Learn about April's new open source security vulnerabilities, their severity, top CWEs, vulnerabilities per programming language, new XSS in jQuery XSS, and more.
Top Tools and Tips to Improve Your DevOps Pipeline
Are you ready to build your DevOps pipeline? Time to tool up with these top 7 CI/CD technologies that will help you get your feet wet.
Observability: What You Need to Know
Learn why observability is important to DevOps organizations with distributed systems, how observability is different from monitoring, and how to approach the three pillars of observability.
State of the Market CI/CD/ARA
The continuous integration/continuous delivery market has gone through many changes since DevOps came on the scene, but it remains the backbone of the DevOps toolchain. Application release automation has also joined the ranks of must-have DevOps technologies. So where does the market stand currently and what can we expect to see in the next generation...
Harnessing Development to Scale AppSec
GitLab helps you to scale security across your Continuous Integration (CI) process enabling developers to test their code with every code change, right in their existing workflow. By seamlessly integrating WhiteSource’s security application testing solution in GitLab CI, we further reduce context switching and increase developer productivity. This enables developers and InfoSec professionals to work...
April Open Source Security Vulnerabilities Snapshot
Check in to learn about the new open source security vulnerabilities published in March, their severity, top CWEs, vulnerabilities per programming language, new critical FastXML jackson-databind seria
Kubernetes Pod Security Policy Best Practices
Using Kubernetes pod security policies to maximum effect takes some effort. this article explains how to get the most out of Kubernetes pod security policies.
5 Ways to Speed Up Your Software Development Process
We all constantly face the challenge of reducing time-to-market to ensure our company will not lose market share. This challenge has made time the most valuable resource for every software...
Web Application Security at Every Stage of the SDLC
Developments in web applications have increased the risk of malicious attacks. know the steps to secure your enterprise.
March Open Source Security Vulnerabilities Snapshot
Learn about the new open source security vulnerabilities published in February, their severity, top CWEs, vulnerabilities per programming languages
Assessing the Kubernetes Landscape
In the runup to KubeCon + CloudNativeCon Europe, we’ll examine what’s happening in the Kubernetes and containers landscape, including new technologies, services and ecosystems worth knowing about as well as changes looming on the horizon.
InnerSource: How Open Source Best Practices Help Enterprise Development Teams
What are the benefits of InnerSource and how can organizations adopt InnerSource to improve their internal development processes?
What You Need to Know About the New OpenSSH Security Updates
OpenSSH's new v8.2 contains security updates to protect users. Why are the updates important and what do they mean for you?
Predict 2020 – Developers Do Security
Amid all the talk of shifting left, mingling the DevOps and Security tribes and how can we do code better, faster and with more quality a funny thing happened. Security vendors are developing security tools for devs and DevOps. The security team still pays for them, but they won’t buy them without Dev and DevOps...
DevSecOps: Closing the Loop from Detection to Remediation
DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline. Join Senior Product Manager, Shiri Ivtsan, as she discusses: Where and how developers are implementing DevSecOps in the SDLC; Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities; Necessary steps for implementing a process for detection, prioritization,...
Barriers to Container Security and How to Overcome Them
Over the past few years, more and more companies are turning to containerized environments to scale their applications. However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools. This session will...
GitOps Basics: Developers Are Gitting Into Deployment
Is GitOps a passing trend or a DevOps practice that's here to stay? How does the GitOps pipeline work and what are the benefits?
Panel Discussion: Cloud Security – Keeping Serverless Data Safe
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This...
Tackling the Container Iceberg
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource,...
5 Free Developer Tools We’re Grateful For
Here are five free tools to help developers create and deliver innovative, high-quality, and secure software, faster.
Who Owns Application Security in the Age of DevOps?
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter,...
Panel Discussion: Scaling DevSecOps
The need to include security as part of the DevOps process is well-understood, and greater numbers of DevOps teams are shifting security left to ensure their applications are more secure. But how can an organization scale its DevSecOps efforts without introducing unnecessary friction in the software development life cycle? This webinar explores some of the...
Panel Discussion: Container Management: Configuration, Monitoring and More
The container space has evolved dramatically, growing into a thriving ecosystem that goes well beyond containers to include orchestration platforms, monitoring tools and more to enable end-to-end container management. In this webinar, we explore the expanding category of container management, including technology and market trends and the essentials an organization needs to manage its container...
Fitting Continuous Testing Into Your DevOps Pipeline
Continuous testing or testing automation? Where and how does CT fit into your DevOps pipeline? What are the benefits and best practices? Learn how to succeed at continuous testing.
The Challenges of Scaling DevSecOps
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan,...
Top 5 New Open Source Security Vulnerabilities in September 2019
September's top 5 new open source security vulnerabilities includes popular projects like Swagger UI, the Linux Kernel, Android, Python, and curl.
Top 5 Git Security Mistakes
Make sure that your Github and GitLab repos are secure. Here are the top 5 Git security mistakes to avoid.