All CosmicBytez Labs articles tagged #DevSecOps, across news, security advisories, how-to guides, and projects.
DockSec, an OWASP incubator project, combines multiple container security scanners with AI-generated plain-English remediation guidance and exact Dockerfile.
Cybersecurity researchers have uncovered Megalodon, an automated attack campaign that pushed 5,718 malicious commits to over 5,500 GitHub repositories in...
Adversaries are increasingly weaponizing CI/CD pipelines as a living-off-the-land vector — abusing trusted build infrastructure to execute attacks without...
A new class of security tooling called Build Application Firewalls inspects runtime behavior inside software build pipelines rather than just scanning...
The rebuilt Chainguard Factory platform adds deeper security automation designed to continuously reconcile open source artifacts across containers,...
The accidental exposure of Anthropic's Claude Code source code via an npm packaging error is the latest reminder that software supply chains need...
Cisco has suffered a major cyberattack after threat actors leveraged stolen credentials from the recent Trivy supply chain compromise to breach its...
GitGuardian's State of Secrets Sprawl 2026 report found 29 million new hardcoded secrets in public GitHub repositories in 2025 alone — a 34%...
Learn how to use Trivy to scan container images, Dockerfiles, Kubernetes manifests, and Terraform for vulnerabilities and misconfigurations — then...
Deploy and configure HashiCorp Vault to securely store, rotate, and audit secrets across your infrastructure — covering installation, auth methods,...
Step-by-step guide to deploying Falco as a Kubernetes runtime security engine. Covers Helm installation, custom rule authoring, Falcosidekick alerting...
Betterleaks is a new open-source tool that scans directories, files, and git repositories for valid secrets — and validates them against live APIs before...
Deploy HashiCorp Vault to centrally manage secrets, certificates, and dynamic credentials — eliminating hardcoded passwords from your infrastructure with...
Build guardrails around AI-generated code with Claude Code hooks, security-scanning agents, OWASP-aware prompting, and automated secret detection. A...
Pre-deployment checklist for launching new applications into production — security review gates, monitoring setup, rollback procedures, dependency...
Harden your CI/CD pipeline by replacing long-lived secrets with OIDC short-lived tokens, pinning third-party actions to commit SHAs, enforcing...
Learn essential Docker security practices including image scanning, runtime protection, network isolation, and secrets management for production environments.