Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The success of any application or cloud security initiative depends on developer buy-in, so they can fix vulnerabilities before arriving in production. So why can it be challenging to empower developers to secure their code early? The answer is simple: security is usually slow. Developers are motivated to deliver innovative features faster than their competitors, so introducing new processes into the CI/CD pipeline that slow them down could understandably be met with resistance.

On February 15th, our friends at Semgrep hosted a meet up for the OWASP community at their beautiful office in San Francisco. Application security professionals and developers in the San Francisco tech community showed up to discuss what has been working for them, what isn’t working, and upcoming trends in the world of application security. In this short recap, we’ll explore some of the topics discussed by Semgrep’s Kyle Kelly and our very own Aviram Shmueli.

Are you concerned about the security of your AWS environment? With over 73% of businesses having at least one critical security misconfiguration, it's essential to take proactive measures to protect your data and applications. While AWS is responsible for the security of the underlying infrastructure, you are responsible for securing your data and applications in the cloud.

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.

This blog article summarizes a talk given by David Melamed, Jit CTO, at Pycon DE & PyData 2022 in Berlin. In every software development project, before even writing the first line of code, you gotta pick an architecture for your repo. Picking an architecture is not easy. There are many tradeoffs that need to be considered and this choice will impact future development.

With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.

AI is transforming industries at an unprecedented pace. From generative AI tools revolutionizing creative work to AI assistants reshaping enterprise workflows, one thing is clear: this technology is no longer a nice-to-have; it’s a must-have. But what about DevSecOps - the teams tasked with safeguarding our modern apps and infrastructure and ensuring their reliability?

Today, we’re thrilled to announce Jit Tags, which organizes security risks across your environment by microservice, application, business unit, and other vectors, while providing a high-level risk overview of each component.

As DevOps adoption has grown, organizations are pushing code into production faster than ever. However, the fast pace of DevOps has led many developers to view security as a bottleneck or afterthought, which means security teams need a new approach to keep up.