What does a modern code security pipeline look like? (Hint: not like a pipeline).
What does an ideal DevSecOps pipeline look like for code security? We've crafted a blueprint to kickstart your journey.
Scaling Secure Code Review in Modern Enterprises
Security engineers often struggle to scale code reviews due to funding, short sprint cycles, and agile integration issues. This post discusses solutions.
Software Security 2.0 - Securing AI Generated Code
Machine learning in software dev is a game-changer, but beware: new research reveals AI-assisted coding might lead to more insecure code.
The implications of adding SAST to your CI/CD pipeline
Continuous integration and deployment pipelines are the ideal places for final checks before production, but should you add big SAST scans into the mix?
DevSecOps for OpenAI: detecting sensitive data shared with generative AIs
The rapid adoption of generative AIs is exciting but comes with the same data risks as any third-party service.
How to Assess Third-Party Data Security
Third parties are a prime source of leaks and breaches when it comes to sensitive data, but there are ways you can properly vet them to minimize risk.
Can we prevent a security incident like Loom’s?
Loom experienced a security incident caused by an unusual source—the order of their Express middleware. Here's how to detect the problem in your own code.
Developers access more sensitive data than you think!
To better understand how often developers access sensitive data, you need real numbers. We did the math: it's more than you think.