DevSecOps
8 posts

Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process. The post Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations appeared first on The GitHub Blog.
This partnership between GitHub and JFrog enables developers to manage code and binaries more efficiently on two of the most widely used developer platforms in the world. The post GitHub and JFrog partner to unify code and binaries for DevSecOps appeared first on The GitHub Blog.
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities. The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how. The post AppSec is harder than you think. Here’s how AI can help. appeared first on The GitHub Blog.
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction. The post 5 ways to make your DevSecOps strategy developer-friendly appeared first on The GitHub Blog.
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities.
We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation’s Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. The post Microsoft open sources its software bill of materials (SBOM) generation tool appeared first on Engineering@Microsoft.
In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces. The post Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft appeared first on Engineering@Microsoft.