DevSecOps Archives

OWASP Has Adopted DockSec and the Cloud Security Community Is Taking Notice

With more than 13,000 downloads across more than 40 countries, DockSec has earned its place as an OWASP Incubator Project by doing something most container security tools have not managed: closing the ...

Puspita Pradhan | April 30, 2026 | CI/CD, container security, DevSecOps, kubernetes, open source

Survey Surfaces Raft of Container Security Challenges

A BellSoft survey reveals gaps in container security practices, showing that human error, limited vulnerability scanning, and infrequent patching continue to expose cloud-native environments to risk ...

Mike Vizard | January 29, 2026 | BellSoft survey, cloud native security, container patching, container security, DevSecOps, image signing, Kubernetes security, SBOM, software supply chain security, vulnerability scanning

Docker, secrets, gitguardian Thycotic Kubernetes secrets

Flare Finds 10,000 Docker Hub Images Exposing Secrets

Researchers found thousands of Docker images exposing API keys and tokens, revealing how secrets sprawl, shadow IT, and poor hygiene fuel modern breaches ...

Jeff Burt | December 16, 2025 | API, CI/CD security, cloud computing, container images, credentials, developers and containers, docker hub, exposed secrets, Flare Systems, passwords, shadow IT

devsecops, supply chain, Kubernetes, practices, DevSecOps, JFrog, DevSecOps, Snyk Cerbos DevSecOps authorization incident Deepfence misconfigured Kubernetes security

AI Security in the Cloud-Native DevSecOps Pipeline

As AI reshapes DevSecOps, speed and efficiency collide with new, often hidden, security risks. From machine-generated code flaws to model supply chain threats, the future of cloud-native security depends on blending AI’s ...

Saqib Jan | August 13, 2025 | AI DevSecOps, AI security, cloud native security

state, stateless, kubernetes, scanning, cloudsmith, stateless ephemeral stateful security Kubernetes unikernel Sumo Logic

Cloudsmith Updates Container Registry to Streamline DevSecOps Workflows

Cloudsmith at the Kubecon + CloudNativeCon Europe 2025 conference today added real-time vulnerability scanning along with an ability to automate the signing for container images, as they are cached using the open-source ...

Mike Vizard | April 1, 2025 | container security, containers, DevSecOps

Edera’s Big Container Security Question: Am I Isolated?

Company releases ‘Am I Isolated’, an open source container security benchmark and Rust-based container runtime scanner ...

Adrian Bridgwater | November 11, 2024 | containers, kubernetes, security

JFrog Adds Runtime Platform to Secure Cloud-Native Apps Running on Kubernetes

JFrog today at its swampUP 2024 conference revealed it has added an ability to automate real-time DevSecOps workflows spanning source code to binaries deployed in Kubernetes environments ...

Mike Vizard | September 10, 2024 | DevSecOps, kubernetes, workflows

metrics, agents, ai, cloud-native, cloud native, project, istio, ambient, architecture, modules, cloud native, CCoE Kubernetes Virtana CrowdStrike cloud native

Azure Flaw Highlights Need to Secure Kubernetes Cloud Clusters

A security flaw found by Mandiant in Microsoft's AKS service would have let attackers escalate privileges and steal data ...

Jeff Burt | August 22, 2024 | cybersecurity, Google Mandiant, kubernetes, Microsoft Azure Cloud

Isovalent Strengthens Cloud Native Security via Tetragon Enterprise Update

The goal is to provide an important cybersecurity piece to the cloud-native computing puzzle ...

Mike Vizard | May 3, 2024 | cncf, Isovalent, linux, open source, Tetragon

Docker Hub, container images, Ensuring Container Security

JFrog Reveals Docker Hub Compromise Spanning Millions of Repositories

Malware attacks against millions of Docker Hub repositories have been underway since 2021. Assume all the content you host on a publicly accessible repository might be compromised ...

Mike Vizard | April 30, 2024 | docker, docker hub, JFrog, malware, malware campaign