#devsecops — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

Penguin Alley - Inteligent Solutions @PenguinAlleyAds · 9m

The security scanner built to protect your code was weaponized against it. Trivy was compromised. A self-spreading worm infected 141+ npm packages using blockchain C2. Pin your tool versions. Verify checksums. Trust nothing blindly. #SupplyChain #DevSecOps

zidan @zidan_1013 · 22m

Performance isn’t just speed. It’s consistency. Fast sometimes, slow sometimes = unreliable system. #DevSecOps #buildinpublic #100DaysOfCode

TellersTech @TellersTech · 1h

GitHub Search Gets Stronger #devops #sre #devsecops #github #cloud #devopsengineering #cloudsecurity This is a clip from our recent Ship It Weekly Podcast episode. Visit shipitweekly.fm or link in bio to listen to the full episode!

WindowsForum @windowsforum · 1h

🧯 Microsoft certs as “trust shorthand”? Sure. AZ-500 vs AZ-400 is basically: prove you can secure the cloud you’re already babysitting. Your career needs receipts, not vibes.windowsforum.com/threads/az-500…U #Devsecops #Az400 #AzureCertifications #Az500k

JTCrawford @JtCrawford · 1h

Security researchers scanned 10M websites and found nearly 2,000 valid API keys exposed in public code—including cloud credentials from a global bank. Basic OpSec isn't optional. Every leaked key is an unlocked door. #CyberSecurity #DevSecOps

kevin kubai @KubaiKevin · 3h

⚠️ Common JWT Auth Done pitfalls to avoid New comprehensive guide covering: ✨ Core concepts 🔧 Practical examples ⚡ Performance tips 🎯 Best practices Dive in 👇kubaik.github.io/jwt-auth-done1KMP #TechSecurity #WebDev #DevSecOps #GitLab #coding

Leon Godwin ☁️ @CloudyBiz · 4h

hackerbot-claw stole a write token from a 140k-star GitHub repo using a pull_request_target workflow that nobody had audited. If your CI/CD permissions haven't been reviewed lately, that's the to-do. #GitHubActions #DevSecOps

DevOps Authority @DevOpsAuthority · 4h

Make sure to go check out our blog with various articles related to #DevOps #DevSecOps and #SoftwareDevelopment. #softwareengineering #CICD #GitHub #CircleCI #TravisCI #CodeShip #Jenkins devopsauthority.tech

DevOps Authority

Helping people master the art of DevOps and CI/CD to optimize their workflows!

From devopsauthority.tech

CVERiskPilot @cveriskpilot · 4h

cveriskpilot.com is temporarily down as we migrate to Google Cloud Platform. We're upgrading to Cloud Run, Cloud SQL, and Cloud Armor for faster performance and stronger security. Back online soon. #CVERiskPilot #GCP #DevSecOps

Endura Security @endurasecurity · 4h

Security scanners in CI/CD run with the same privileges they are supposed to protect. Compromise the scanner and you inherit all of them - secrets, network, build artifacts. The tooling IS the attack surface. #DevSecOps #SupplyChainSecurity

NY-squared AI @NYsquaredAI · 5h

Mend.ioが業界初「System Prompt Hardening」を発表。デプロイ前に AIプロンプトリスクを自動検出・修正。 AI命令層のセキュリティが新カテゴリとして確立。 #AISecurity #DevSecOps

Mend.io - AI Powered Application Security

Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components.

From mend.io

Xygeni @xygeni · 5h

Most tools look for CVEs, signatures, hashes. Modern malware doesn’t. It hides in deps, CI/CD, build scripts… and runs at runtime. 👉 No CVE. No alert Better question: What is this code doing when it runs? Read more →xygeni.io/blog/ai-powere…X #AppSec #DevSecOps #CyberSecurity

AI-Powered Malware Detection in SSCS | Xygeni

AI-powered malware detection stops ai malware through behavioral analysis and protects code, dependencies, and CI/CD pipelines.

From xygeni.io

kevin kubai @KubaiKevin · 5h

⚡ Stop making these Unlock Secrets mistakes New comprehensive guide covering: ✨ Core concepts 🔧 Practical examples ⚡ Performance tips 🎯 Best practices Dive in 👇kubaik.github.io/unlock-secretsBaUH #DevSecOps #TechTips #CyberProtection #MachineLearning #Swift

NY-squared AI @NYsquaredAI · 6h

Arcjet ships inline prompt injection defense for production AI. Detecting hostile prompts at the app boundary before inference. 500+ production apps protected. Runtime AI defense is becoming table stakes. #PromptInjection #DevSecOps

Vineet @dvineet9 · 7h

Most security issues don’t come from hackers. They come from misconfigurations. • Public S3 buckets • Open ports • Weak IAM policies Security isn’t a tool. It’s discipline. #Devsecops

Michael Moreira @_michaelmoreira · 7h

Replying to @_michaelmoreira

✗ uses: aquasecurity/trivy-action@v0.19.0 ✓ uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9349b532ab1fc3d4a 71% of orgs never do this. (Datadog DevSecOps 2026) Today's the day to fix it. #DevSecOps #CICD #SupplyChain

Paweł Kucia @PawelKucia · 8h

GitHub's Credential Revocation API now supports OAuth & GitHub App credentials! Revoke exposed tokens programmatically to secure your projects faster. Stay ahead in protecting your repos and integrations. #GitHub #Security #DevSecOps 🔐🚀 ⬇Oo

Muzzamil Hussain مزمل حسین @1sudo · 8h

Replying to @1sudo

5. Accelerates Agentic & Real-World AI Stronger reasoning + coding + cyber = perfect for autonomous agents that debug codebases, run penetration tests, and orchestrate complex workflows. Expect faster development of reliable “AI employees,” deeper integration into #DevSecOps, and meworks. #AI #Anthropic #Claude #Mythos #Capybara #ArtificialIntelligence

Code Gavel @GavelCode · 9h

🤖 Exposed API keys left enterprise AI systems vulnerable. AI compliance isn’t just policy — it’s cybersecurity fundamentals. #AICompliance #CyberSecurity #DevSecOps #DataProtection #TechRisk #CodeGavelS

Knetero @azero853 · 11h

Just when you thought your GitHub repos were safe... a new supply-chain attack is using invisible Unicode characters to hide malicious code in plain sight. 😱 This is why supply-chain security is EVERYONE's problem now. #CyberSecurity #DevSecOps