Fugue today unveiled a 1.0 release for Regula, an open source policy engine for infrastructure-as-code (IaC) security that comes with prebuilt libraries for implementing hundreds of policies that validate configurations on Amazon Web Services (AWS), Microsoft Azure and Google Cloud services. Regula is based on the Open Policy Agent (OPA) software being advanced under the […]
0 CommentsJFrog today announced it has agreed to acquire Vdoo for $300 million in cash to gain a set of analytics tools that discover vulnerabilities in application binaries. Vdoo’s scanning tools, infused with machine learning algorithms, will be fully integrated with the JFrog Xray vulnerability detection tools along with the rest of the JFrog continuous integration/continuous […]
0 CommentsCloud computing is now mainstream, with almost all organizations running at least some resources in the public cloud—whether software-as-a-service (SaaS), platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS). Security teams have been scrambling to adapt to cloud environments, and with the growing adoption of DevSecOps, they are working together with DevOps teams to secure cloud systems from the […]
0 CommentsIn my prior blog, Continuous Testing – The Quest for Quality at Speed, I described five tenets and some of the practices for continuous testing to help with understanding what continuous testing is. In my consulting work, I find it necessary to use 15 categories of practices to assess an organizations’ continuous testing capabilities. Given […]
0 CommentsOpen Source Languages and Tools for z/OS Empower your developers to use their preferred open source languages. We offer many open source languages and tools—including Git, R and Python—that allow any developer to harness the power of the mainframe without having to spend months learning new skills. Git Git is a version control system […]
0 CommentsAPI security Modern applications are mobile first and are built around cloud-native distributed microservices architectures. These architectures have become the basic building blocks for complex and reliable distributed web and mobile applications. Many of these distributed APIs expose the business logic directly over the web; hence the attack surface and attack vectors are very different […]
0 CommentsThere is no shortage of titles to go with all the tasks that make up a DevOps workflow, but given the critical role developers now play within any organization, it might be time for organizations to start creating a developer experience engineer (DXE) function within DevOps teams that is specifically tasked with increasing developer productivity. […]
0 CommentsWhile its roots can be traced back to rapid-application development (RAD), low-code application development started to gain serious momentum about three years ago. Initially, some in the DevOps community dismissed the trend, even as myriad approaches—from no-code to low-code for professional developers—started to enter the market. At the time, enterprises of all sizes had embraced […]
0 CommentsIn my prior blog, Continuous Testing – The Quest for Quality at Speed, I described five tenets and some of the practices for continuous testing to help explain what continuous testing is. In my consulting work, I find it necessary to use 15 categories of practices to assess an organizations’ continuous testing capabilities. Given the […]
0 CommentsDynatrace has added a security module to its observability platform that leverages its Davis artificial intelligence (AI) engine to automatically identify the software libraries and open source packages that represent the greatest security risk. Ajay Gandhi, vice president of product marketing for Dynatrace, said the Davis Security Advisor, made available as part of the Dynatrace […]
0 Comments