DevSecOps Archives

Survey Surfaces Raft of Container Security Challenges

A BellSoft survey reveals gaps in container security practices, showing that human error, limited vulnerability scanning, and infrequent patching continue to expose cloud-native environments to risk ...

Mike Vizard | January 29, 2026 | BellSoft survey, cloud native security, container patching, container security, DevSecOps, image signing, Kubernetes security, SBOM, software supply chain security, vulnerability scanning

devsecops, supply chain, Kubernetes, practices, DevSecOps, JFrog, DevSecOps, Snyk Cerbos DevSecOps authorization incident Deepfence misconfigured Kubernetes security

Best of 2025: DevSecOps for Kubernetes: 15 Best Practices for 2025

In today’s environment, it is becoming harder to build secure applications. Applications are becoming increasingly complex, relying on more and more dependencies and components provided by vendors than ever before. These components ...

Carey Bishop | December 30, 2025 | best practices, DevSecOps, kubernetes

TLS, certificates, Docker, vulnerabilities, supply chain, KubeCon, SigStore, Kubernetes TrapX container security

Docker, Inc. Adds More Than a Thousand Free Hardened Container Images

Docker is releasing more than 1,000 hardened container images under an open source license, aiming to cut vulnerabilities and strengthen software supply chains ...

Mike Vizard | December 17, 2025 | Alpine containers, cloud native security, container security, CVE management, Debian containers, DevSecOps, Docker AI Assistant, Docker hardened images, docker hub, hardened container images, open source containers, SBOM, SLSA provenance, software supply chain security

5 Reasons Cloud-Native Companies Should Start Adopting Quantum-Safe Security Today

Quantum computing threatens today’s encryption. Learn why cloud-native organizations must adopt quantum-safe security to stay compliant and resilient ...

metrics, agents, ai, cloud-native, cloud native, project, istio, ambient, architecture, modules, cloud native, CCoE Kubernetes Virtana CrowdStrike cloud native

The Future of Cloud-Native DevOps, DataOps, FinOps and Beyond

Explore how cloud-native DevOps, DataOps, and FinOps are shaping the future of scalable, automated, and intelligent cloud application development ...

How Distroless Containers Defend Against npm Malware Attacks

The npm breach shows why distroless containers matter. Learn how minimal, continuously rebuilt images strengthen cloud-native supply-chain security ...

SRE, autoscaling, Tailscale, Kubernetes, argo cd, Kubernetes v1.33, AI, Nelm, Kubernetes, architecture, , architecture, Rackspace, GPUs, Kubernetes, Solo.io Kubernetes cloud foundry keptn cloud-native automation

Why Traditional Kubernetes Security Falls Short for AI Workloads

AI workloads on Kubernetes bring new security risks. Learn five principles—zero trust, observability, and policy-as-code—to protect distributed AI pipelines ...

runtime, visibility, Chainguard, threat, cloud-native security, Venafi, security, sigstore, KubeCon, cloud-native, security, secure, Rubrik, Kubernetes, Cloud-Native Security Best Practices

Runtime Visibility & AI-powered Security in Cloud-Native Environments

Kubernetes and cloud-native platforms have transformed software delivery — but also redefined the attack surface. As threats shift to runtime, visibility and real-time response have become the new security frontline. AI-driven anomaly ...

DevOps in the Cloud-Native Era: The Blueprint for Blazing-Fast Software Delivery

Cloud-native and DevOps are now non-negotiable for scaling software delivery. Learn how CI/CD, IaC, GitOps, observability, and AI shape modern DevOps success ...

Ashish Upadhyay | October 3, 2025 | AI in DevOps, Amazon DevOps, automation, CI/CD, cloud native, continuous delivery, devops, DevSecOps, DORA metrics, GitOps, infrastructure as code, kubernetes, microservices, Netflix DevOps, observability

visibility, runtime, eBPF Packet-Level Visibility to Workloads

Runtime Visibility: The Missing Layer in Cloud-Native Security

Cloud-native security can’t rely on old perimeter defenses. With workloads spinning up in seconds, runtime visibility is now the missing layer leaders must prioritize. Learn why observability is security, how tools like ...