The challenge of building and maintaining a secure software supply chain continues to vex enterprise IT leaders. We recently surveyed IT, security, and development leaders in the Anchore 2021 Software Supply Chain Security Report to get some insights into these challenges they and their teams face daily. Here’s a preview of our survey results: Highlights …
By 2023, more than 70% of enterprise DevSecOps initiatives will have incorporated automated security vulnerability and configuration scanning for open-source components and commercial packages, which is a significant increase from fewer than 30% in 2019. Automated security vulnerability and configuration scanning are amongst the DevSecOps best practices that Gartner addresses in their 12 Things to …
Gaining stakeholder buy-in for DevSecOps comes with some upfront work. You don’t want to present to your department’s leadership, much less your C-Suite, to talk about DevSecOps unless you have an accurate picture of where your development teams are currently and where they need to go in the future. Here are three tips for preparing …
3 Tips for getting Stakeholder Buy-in for DevSecOps Read More »
A container registry is becoming a necessity for organizations using containers in cloud-native development projects because it enables them to reuse software components that have already been through a vulnerability scan and other compliance checks. Here’s a look at the current state of container registries: What’s a Container Registry? A container registry, sometimes called a …
On May 12, 2021, President Biden’s Executive Order on Improving the Nation’s Cybersecurity finally hit the street. Amongst all its goodness about the software bill of materials (SBOM), software supply chain security, and cybersecurity there’s some good news about FedRAMP and these developments are going to be a major step forward for government cloud security, …
Cybersecurity Executive Order Brings FedRAMP Changes Aplenty Read More »
On Wednesday, May 12, 2021, President Biden’s new and much-expected Executive Order on Improving the Nation’s Cybersecurity was published. This new executive order (EO) includes a major element outlining new guidelines for how US federal government programs are to interact with industry software suppliers and partners, moving forward. There are many notable improvements throughout the …
Latest Cybersecurity Executive Order Requires an SBOM Read More »
Operations models are coming at us fast and furious these days. To top that off, DevOps and DevSecOps adoption and maturity are only increasing during the pandemic. It’s now incumbent for DevOps and DevSecOps teams to get all their system configurations under the same level of control and governance as they do with their application …
How GitOps plays in a DevOps and DevSecOps World Read More »
SolarWinds and now Codecov point to the need for enterprises to better manage how they procure and intake open source software (OSS) into their DevOps life-cycle. While OSS is “free” it’s not without internal costs as you procure the software and bring it to bear in your enterprise software. Here are five open source procurement …
As the tech industry continues to gather lessons learned from the SolarWinds and now Codecov breaches, it’s safe to say that artificial intelligence and machine learning are going to play a role in the future of DevSecOps. Enterprises are already experimenting with AI and ML with the hopes of reaping future security and developer productivity …
We aren’t about to stop hearing about the need for a software bill of materials (SBOM) and software supply chains security anytime soon. You can expect more news about a Presidential executive order about SBOMs and a new software supply chain breach at Codecov that we’re all still learning more about. Impending Executive Order about …
2 SBOM & Supply Chain Security News Items to Watch Read More »