DevSecOps Archives

The AI Remediation Bottleneck: Why the Software Supply Chain Demands Radical Openness

For years, the DevSecOps movement has operated on a foundational premise that if you detect a vulnerability, you triage it, patch it, and redeploy. This cycle assumes that our capability to remediate ...

John Morello | June 24, 2026 | AI, containers, CVEs, DevSecOps, Known Exploited Vulnerabilities, microservices, public container images, software supply chain

Together, Edera and Minimus Claim They Can Protect Your Software From AI Hackers

Hopefully, they can deliver because AI programs like Anthropic’s Mythos AI are cracking open programs faster than an otter can shuck oysters. MINNEAPOLIS — At Open Source Summit North America, Edera, a ...

Steven Vaughan-Nichols | May 18, 2026 | AI, containers, Edera, Minimus, security

OWASP Has Adopted DockSec and the Cloud Security Community Is Taking Notice

With more than 13,000 downloads across more than 40 countries, DockSec has earned its place as an OWASP Incubator Project by doing something most container security tools have not managed: closing the ...

Puspita Pradhan | April 30, 2026 | CI/CD, container security, DevSecOps, kubernetes, open source

Survey Surfaces Raft of Container Security Challenges

A BellSoft survey reveals gaps in container security practices, showing that human error, limited vulnerability scanning, and infrequent patching continue to expose cloud-native environments to risk ...

Mike Vizard | January 29, 2026 | BellSoft survey, cloud native security, container patching, container security, DevSecOps, image signing, Kubernetes security, SBOM, software supply chain security, vulnerability scanning

Docker, secrets, gitguardian Thycotic Kubernetes secrets

Flare Finds 10,000 Docker Hub Images Exposing Secrets

Researchers found thousands of Docker images exposing API keys and tokens, revealing how secrets sprawl, shadow IT, and poor hygiene fuel modern breaches ...

Jeff Burt | December 16, 2025 | API, CI/CD security, cloud computing, container images, credentials, developers and containers, docker hub, exposed secrets, Flare Systems, passwords, shadow IT

devsecops, supply chain, Kubernetes, practices, DevSecOps, JFrog, DevSecOps, Snyk Cerbos DevSecOps authorization incident Deepfence misconfigured Kubernetes security

AI Security in the Cloud-Native DevSecOps Pipeline

As AI reshapes DevSecOps, speed and efficiency collide with new, often hidden, security risks. From machine-generated code flaws to model supply chain threats, the future of cloud-native security depends on blending AI’s ...

Saqib Jan | August 13, 2025 | AI DevSecOps, AI security, cloud native security

state, stateless, kubernetes, scanning, cloudsmith, stateless ephemeral stateful security Kubernetes unikernel Sumo Logic

Cloudsmith Updates Container Registry to Streamline DevSecOps Workflows

Cloudsmith at the Kubecon + CloudNativeCon Europe 2025 conference today added real-time vulnerability scanning along with an ability to automate the signing for container images, as they are cached using the open-source ...

Mike Vizard | April 1, 2025 | container security, containers, DevSecOps

Edera’s Big Container Security Question: Am I Isolated?

Company releases ‘Am I Isolated’, an open source container security benchmark and Rust-based container runtime scanner ...

Adrian Bridgwater | November 11, 2024 | containers, kubernetes, security

JFrog Adds Runtime Platform to Secure Cloud-Native Apps Running on Kubernetes

JFrog today at its swampUP 2024 conference revealed it has added an ability to automate real-time DevSecOps workflows spanning source code to binaries deployed in Kubernetes environments ...

Mike Vizard | September 10, 2024 | DevSecOps, kubernetes, workflows