Tagged articles

144 articles

Page 1 of 2

May 3, 2026 · Information Security

Claude Security Public Beta: How AI‑Driven Scanning Moves Code Security into Production

Claude Security’s public beta demonstrates how Anthropic’s AI‑driven scanner moves vulnerability detection from post‑deployment patching to pre‑commit prevention, offering full‑repo analysis, multi‑stage verification, IDE integration, lower false positives, and sparking industry debate over dual‑use risks and regulatory impact.

AI code scanningAnthropicClaude Security

0 likes · 10 min read

Claude Security Public Beta: How AI‑Driven Scanning Moves Code Security into Production

DevOps in Software Development

Apr 22, 2026 · Industry Insights

How Do Military Software Factories Scale? Lessons from the U.S. DoD’s Total‑Branch Model

This article analyses the evolution of software engineering, examines the U.S. Department of Defense’s distributed software‑factory network, identifies governance and integration challenges for large defence organisations, and proposes a “total‑branch” design that unifies platform, process and team structures to achieve scalable, secure DevSecOps delivery.

AutomationDevSecOpsMilitary

0 likes · 30 min read

How Do Military Software Factories Scale? Lessons from the U.S. DoD’s Total‑Branch Model

DevOps in Software Development

Apr 6, 2026 · Industry Insights

How Lockheed Martin Turns Its Software Factory into Continuous Combat Capability

This article analyses Lockheed Martin’s publicly disclosed software‑factory approach, showing how it prioritises sustained delivery of mission‑critical capabilities through tightly integrated DevSecOps, standardized environments, cloud‑native and GitOps practices, and an evolving focus on system interoperability.

Cloud NativeContinuous DeliveryDevSecOps

0 likes · 6 min read

How Lockheed Martin Turns Its Software Factory into Continuous Combat Capability

Woodpecker Software Testing

Apr 5, 2026 · Information Security

Adversarial Testing: Strengthening Software Security Beyond Traditional Reliability

The article examines how adversarial testing—originating from machine‑learning robustness checks—has expanded to a full‑stack security practice, detailing intelligent generation techniques, DevSecOps integration, real‑world incidents, and its emerging role as a core resilience standard.

AI RobustnessDevSecOpsResilience

0 likes · 6 min read

Adversarial Testing: Strengthening Software Security Beyond Traditional Reliability

DevOps in Software Development

Apr 2, 2026 · Industry Insights

How Military Software Factories Turn Code into Digital Ammunition

This article analyzes the strategic definition, measurable goals, and phased implementation steps of a defense‑oriented software factory, detailing how DevSecOps, zero‑trust infrastructure, and continuous metrics transform code into scalable, low‑cost digital weaponry for faster, more resilient warfighting.

Continuous DeliveryDevSecOpsMilitary Software

0 likes · 18 min read

How Military Software Factories Turn Code into Digital Ammunition

DevOps in Software Development

Mar 11, 2026 · Industry Insights

Can Continuous Authorization (cATO) Revolutionize Secure Software Delivery in High‑Security Sectors?

This article examines the US DoD's Continuous Authorization (cATO) framework, explains its core capabilities and implementation engine, and explores how its principles can be adapted to China’s tightly regulated military and critical‑infrastructure environments despite air‑gapped constraints.

Compliance AutomationDevSecOpsSoftware Security

0 likes · 11 min read

Can Continuous Authorization (cATO) Revolutionize Secure Software Delivery in High‑Security Sectors?

AI Explorer

Mar 8, 2026 · Information Security

Anthropic’s Claude Opus Finds 22 Firefox Bugs in Two Weeks, Hinting at a Security Paradigm Shift

In just two weeks, Anthropic’s Claude Opus 4.6 model identified 22 security flaws in the Firefox codebase, including 14 high‑severity issues, demonstrating that advanced AI can move from auxiliary analysis to core vulnerability hunting and potentially reshape the security industry’s fundamental dynamics.

AI securityClaude OpusDevSecOps

0 likes · 6 min read

Anthropic’s Claude Opus Finds 22 Firefox Bugs in Two Weeks, Hinting at a Security Paradigm Shift

AI Insight Log

Feb 20, 2026 · Artificial Intelligence

Claude Code Security Agent Launch Sparks Cybersecurity Stock Crash – What Next?

Anthropic’s limited‑preview Claude Code Security, an AI agent that reads and patches code, triggered a sharp sell‑off in major cybersecurity stocks, while its ability to uncover hundreds of hidden bugs raises questions about the future role of traditional security firms and junior analysts.

AI securityAnthropicClaude Code

0 likes · 7 min read

Claude Code Security Agent Launch Sparks Cybersecurity Stock Crash – What Next?

DevOps in Software Development

Jan 12, 2026 · R&D Management

Why a Military Software Factory Needs More Than Just Tools: Building an Engineered DevSecOps System

The article argues that a true military software factory is not merely a collection of automation tools, but an integrated DevSecOps-driven engineering system that unifies governance, standardized processes, and platform support to achieve secure, compliant, and measurable software production.

AutomationDevSecOpsMilitary Software

0 likes · 7 min read

Why a Military Software Factory Needs More Than Just Tools: Building an Engineered DevSecOps System

DevOps in Software Development

Nov 27, 2025 · Industry Insights

Can the US Marine Corps’ Software Factory Birth a New Military Software Profession?

The article analyzes the US Marine Corps' pilot software factory, its potential expansion into a permanent military occupational specialty, the management implications of merging development and operational domains, and how emerging DevSecOps practices may shape the future of software‑focused military careers.

DevSecOpsMilitary SoftwareSoftware Engineering

0 likes · 12 min read

Can the US Marine Corps’ Software Factory Birth a New Military Software Profession?

DevOps in Software Development

Oct 16, 2025 · Industry Insights

Is the Air Force’s Kessel Run Software Factory Really Dead? Lessons from Its Rise and Fall

The article examines the Air Force’s Kessel Run software factory, tracing its rapid ascent through agile and DevSecOps practices, the operational and bureaucratic challenges that later hampered it, and the lasting impact it has on military digital transformation.

Agile DevelopmentDevSecOpsDigital Transformation

0 likes · 8 min read

Is the Air Force’s Kessel Run Software Factory Really Dead? Lessons from Its Rise and Fall

Ops Development & AI Practice

Sep 6, 2025 · Information Security

Why Web3’s “Code is Law” Makes DevSecOps a Survival Imperative

The article analyzes why Web3’s immutable, code‑as‑law nature forces a shift from traditional post‑deployment audits to continuous DevSecOps practices, and extends this security imperative to other high‑risk sectors such as critical infrastructure, aerospace, and medical devices.

DeFiDevSecOpsHigh‑Risk Industries

0 likes · 7 min read

Why Web3’s “Code is Law” Makes DevSecOps a Survival Imperative

Ops Development & AI Practice

Sep 6, 2025 · Information Security

Endogenous Security: Creating Self‑Protecting Systems Beyond the Fortress Model

The article redefines security by introducing the concept of endogenous security, explaining its origins, biological analogy, core characteristics, and how it synergizes with DevSecOps to embed self‑protecting, adaptive immunity directly into software and infrastructure rather than relying on external defenses.

DevSecOpsEndogenous SecurityProactive Defense

0 likes · 8 min read

Endogenous Security: Creating Self‑Protecting Systems Beyond the Fortress Model

Ops Development & AI Practice

Aug 23, 2025 · Information Security

Why You Should Enable Both SAST and Dependency Scanning in GitLab CI/CD

In GitLab CI/CD pipelines, SAST and Dependency Scanning are independent, complementary security mechanisms—one inspects your own source code while the other checks third‑party libraries—so enabling both provides a comprehensive defense against vulnerabilities.

Dependency ScanningDevSecOpsGitLab

0 likes · 7 min read

Why You Should Enable Both SAST and Dependency Scanning in GitLab CI/CD

DevOps Operations Practice

Aug 5, 2025 · Information Security

Master Web Security Testing with ZAP: Core Features, Usage, and CI/CD Integration

ZAP (Zed Attack Proxy) is an OWASP open-source web application security testing tool that offers proxy interception, active and passive scanning, integrates with CI/CD pipelines, and supports manual and automated testing to detect vulnerabilities such as SQL injection, XSS, SSRF, and compliance issues.

Active ScanDevSecOpsPassive Scan

0 likes · 5 min read

Master Web Security Testing with ZAP: Core Features, Usage, and CI/CD Integration

MaGe Linux Operations

Jul 28, 2025 · Information Security

Master Docker Container Security: Real Attack Scenarios & Defense Strategies

Explore comprehensive Docker container security from an attacker’s perspective to expert defenses, featuring real-world escape incidents, threat matrices, five detailed penetration testing scenarios, enterprise-grade protection frameworks, monitoring scripts, and actionable best practices for securing images, runtimes, networks, and access controls.

Container SecurityDevSecOpsDocker

0 likes · 17 min read

Master Docker Container Security: Real Attack Scenarios & Defense Strategies

FunTester

Jul 28, 2025 · Information Security

Unlocking App Security: How SAST, DAST, IAST, and RASP Protect Your Code

This article explores the core principles, strengths, and limitations of four major application security testing approaches—Static (SAST), Dynamic (DAST), Interactive (IAST), and Runtime Application Self‑Protection (RASP)—and compares them in a concise table to guide developers in building a comprehensive security strategy.

Application SecurityDASTDevSecOps

0 likes · 8 min read

Unlocking App Security: How SAST, DAST, IAST, and RASP Protect Your Code

21CTO

Jul 24, 2025 · Artificial Intelligence

How AI and DevSecOps Will Transform Software Testing by 2025

The article outlines seven emerging software‑testing trends—including AI‑driven test case generation, shift‑left/right strategies, AI‑enhanced CI pipelines, security testing within DevSecOps, and cloud‑native testing—explaining how they will boost automation, reliability, and user‑centric quality for 2025 and beyond.

AI testingAutomationDevSecOps

0 likes · 8 min read

How AI and DevSecOps Will Transform Software Testing by 2025

Cloud Native Technology Community

Jun 13, 2025 · Cloud Native

CNAPP: The Key to Securing Cloud‑Native Applications from Containers to Lifecycle

This article examines the evolution of container security into comprehensive cloud‑native protection, explaining CNAPP concepts, technical roadmaps, industry challenges, and best‑practice recommendations for integrating security across the entire application lifecycle, while highlighting market trends and future directions.

CNAPPCloud NativeContainer Security

0 likes · 26 min read

CNAPP: The Key to Securing Cloud‑Native Applications from Containers to Lifecycle

Alibaba Cloud Developer

Mar 17, 2025 · Information Security

How Alibaba Cloud Designs Secure DevSecOps Architecture: Lessons for Enterprises

This article details Alibaba Cloud’s practical experience in designing secure DevSecOps architectures, outlining the challenges of balancing development speed with security, the roles and processes for security architecture design, layered defense strategies, and zero‑trust implementations to help enterprises strengthen product security from the outset.

Alibaba CloudDevSecOpsSecurity Architecture

0 likes · 14 min read

How Alibaba Cloud Designs Secure DevSecOps Architecture: Lessons for Enterprises

Cloud Native Technology Community

Mar 6, 2025 · Information Security

Shift-Down Security: Embedding Security into Cloud‑Native Platforms

The article introduces the Shift‑Down Security model for Kubernetes, explaining how moving security controls into the platform complements Shift‑Left practices, reduces vulnerabilities and configuration errors, and enables collaborative, automated, and adaptive protection across development, operations, and security teams in cloud‑native environments.

DevSecOpsKubernetesShift-Down Security

0 likes · 14 min read

Shift-Down Security: Embedding Security into Cloud‑Native Platforms

FunTester

Feb 26, 2025 · Industry Insights

8 Software Testing Trends Shaping 2025: AI, Low‑Code, Shift‑Left/Right & More

The article outlines eight major software testing trends for 2025—including AI‑driven test automation, low‑code tools, shift‑left/right practices, chaos engineering, DevSecOps security testing, performance engineering, and autonomous testing—while advising engineers on skill upgrades and cross‑functional collaboration.

AI testingDevSecOpsShift-Left

0 likes · 16 min read

8 Software Testing Trends Shaping 2025: AI, Low‑Code, Shift‑Left/Right & More

Efficient Ops

Dec 30, 2024 · Operations

How China’s Top Bank Secured Dual DevOps & DevSecOps Certifications

In 2024, China’s Bank of Communications became the first state-owned bank to earn dual certifications for ITU DevOps and domestic DevSecOps standards, showcasing advanced performance‑measurement, security, and continuous‑testing platforms that align with national information‑standard internationalization goals.

BankingTechnologyDevOpsDevSecOps

0 likes · 11 min read

How China’s Top Bank Secured Dual DevOps & DevSecOps Certifications

Efficient Ops

Dec 23, 2024 · Information Security

How China Pacific Insurance Earned Dual International & Domestic DevSecOps Certifications

China Pacific Insurance’s chief technology expert and senior security manager discuss how their flagship e‑commerce platform achieved the DevSecOps security delivery level‑2 assessment, the challenges faced, cultural and procedural changes implemented, and the measurable benefits of aligning with both ITU international and domestic standards.

Case StudyChinaDevSecOps

0 likes · 15 min read

How China Pacific Insurance Earned Dual International & Domestic DevSecOps Certifications

Efficient Ops

Dec 18, 2024 · Information Security

How a Chinese Bank Won Top‑Tier DevSecOps Certification

The article details how China’s Bank of Communications achieved top‑tier DevSecOps certification under both the ITU international standard and China’s domestic DevOps maturity model, describing the assessment process, security tool improvements, interview insights, and the broader push for standardization and digital financial risk mitigation.

Bank of CommunicationsCAICTDevSecOps

0 likes · 11 min read

How a Chinese Bank Won Top‑Tier DevSecOps Certification

Efficient Ops

Dec 18, 2024 · Information Security

How China Pacific Insurance Achieved Advanced DevSecOps Certification and Boosted Security

China Pacific Insurance (CPIC) detailed its journey through the dual ITU DevOps international and domestic DevSecOps assessments, sharing the cultural, procedural, and technical practices that enabled it to attain a Level‑2 security delivery certification and elevate its overall risk management capabilities.

DevSecOpsIT GovernanceInsurance

0 likes · 16 min read

How China Pacific Insurance Achieved Advanced DevSecOps Certification and Boosted Security

DevOps

Nov 28, 2024 · Information Security

The Myths and Challenges of Security Left‑Shift in Software Development

This article examines the origins, questionable cost‑saving claims, and practical challenges of the security‑left‑shift movement, highlighting CISA’s skeptical report, the over‑reliance on tools, and the need for empirical research to validate security integration early in the software development lifecycle.

CISADevSecOpsSecurity

0 likes · 11 min read

The Myths and Challenges of Security Left‑Shift in Software Development

DevOps

Nov 26, 2024 · Information Security

10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)

This article outlines ten essential best‑practice principles for implementing a Secure Development Lifecycle (SDL), covering top‑down leadership, alignment with existing management systems, visualizable processes, security goal classification, componentized security capabilities, supply‑chain management, service‑oriented SDL, DevSecOps toolchains, continuous optimization, and staff training.

DevSecOpsSDLSecure Development

0 likes · 17 min read

10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)

DevOps Cloud Academy

Nov 11, 2024 · Information Security

Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins

This article details how to build a comprehensive DevSecOps CI/CD pipeline using Jenkins that integrates source control, SonarCloud, Snyk, Docker, Trivy, Kubernetes, and ZAP to automate building, testing, scanning, and deploying multi‑language applications securely and efficiently.

DevSecOpsDockerJenkins

0 likes · 17 min read

Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins

Cloud Native Technology Community

Nov 7, 2024 · Cloud Native

Top Microservices Trends Shaping 2025: Edge, Serverless, AI & More

Microservices are evolving toward 2025 with trends such as edge computing, container orchestration via Kubernetes, DevSecOps, serverless functions, AI-driven management, advanced observability, API gateways, service meshes, multi-language services, event-driven designs, improved data handling, low-code integration, and stronger resilience, reshaping agile, scalable software development.

AICloud NativeDevSecOps

0 likes · 10 min read

Top Microservices Trends Shaping 2025: Edge, Serverless, AI & More

Bilibili Tech

Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

Application SecurityDASTDevSecOps

0 likes · 15 min read

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

Efficient Ops

Apr 25, 2024 · Information Security

How China Agricultural Bank Achieved National‑Level DevSecOps Excellence Across Five Projects

China Agricultural Bank’s five key projects—including a unified encryption platform, mobile note app, WeChat credit‑card service, open‑banking gateway, and IoT operation module—successfully passed the CAICT DevSecOps Level‑2 assessment, demonstrating advanced security capabilities and offering valuable insights into large‑scale DevSecOps implementation.

Case StudyDevOpsDevSecOps

0 likes · 16 min read

How China Agricultural Bank Achieved National‑Level DevSecOps Excellence Across Five Projects

21CTO

Apr 18, 2024 · Information Security

Why 90% of Java Services Harbor Critical Vulnerabilities – Datadog 2024 Report

Datadog’s 2024 DevSecOps report reveals that 90% of Java services contain at least one severe vulnerability—far higher than other languages—largely due to indirect dependencies, and stresses the need for comprehensive dependency scanning, prioritized remediation, and robust alert triage to manage the flood of low‑impact automated attacks.

Dependency ScanningDevSecOpsJava

0 likes · 5 min read

Why 90% of Java Services Harbor Critical Vulnerabilities – Datadog 2024 Report

DevOps

Jan 9, 2024 · Fundamentals

Top 10 Software Development Trends for 2024

2024 will see software development transformed by quantum computing integration, edge‑IoT synergy, blockchain beyond cryptocurrency, responsible AI practices, AR/VR convergence, DevSecOps security embedding, continued containerization and serverless adoption, progressive web apps, test automation, and cloud‑native multi‑cloud strategies, reshaping how engineers build and deploy applications.

2024BlockchainCloud Native

0 likes · 9 min read

Top 10 Software Development Trends for 2024

Efficient Ops

Jan 8, 2024 · Information Security

How a Securities Firm Built a 100‑Day DevSecOps Prototype

At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.

Application SecurityDevSecOpsOperations

0 likes · 5 min read

How a Securities Firm Built a 100‑Day DevSecOps Prototype

Efficient Ops

Dec 18, 2023 · Information Security

How China Postal Savings Bank Reached Advanced DevSecOps Standards

The article details China Postal Savings Bank's successful DevSecOps assessment, showcasing the bank's cultural, procedural, and technical implementations that boosted security, collaboration, and compliance, while sharing interview insights and future plans for broader DevSecOps adoption.

Case StudyDevOpsDevSecOps

0 likes · 15 min read

How China Postal Savings Bank Reached Advanced DevSecOps Standards

Efficient Ops

Dec 17, 2023 · Information Security

How China Postal Savings Bank Achieved Advanced DevSecOps Standards

China Postal Savings Bank’s software R&D center detailed how its Gold‑Metal Cloud Mall project passed the CAICT DevSecOps Level‑2 assessment, showcasing a comprehensive cultural, process and technical rollout that boosted security metrics, cross‑team collaboration, and positioned the bank at the forefront of digital transformation.

Case StudyDevSecOpsDigital Transformation

0 likes · 17 min read

How China Postal Savings Bank Achieved Advanced DevSecOps Standards

Alibaba Cloud Native

Dec 15, 2023 · Cloud Native

Mastering Cloud‑Native DevSecOps: End‑to‑End Security with Alibaba ACK & ACR

This article examines the security challenges of cloud‑native adoption, outlines a mature threat‑modeling methodology, and details how Alibaba Cloud's ACK and ACR services can be leveraged to implement a comprehensive DevSecOps pipeline that secures the entire application lifecycle.

CNAPPContainerDevSecOps

0 likes · 24 min read

Mastering Cloud‑Native DevSecOps: End‑to‑End Security with Alibaba ACK & ACR

Architect

Dec 5, 2023 · Backend Development

How to Build an Efficient, Low‑Complexity Microservices Architecture

This article outlines nine practical best‑practice steps for designing a low‑complexity, high‑efficiency microservices ecosystem, covering principles such as the Single Responsibility Principle, cross‑functional team organization, appropriate tooling, asynchronous communication, DevSecOps security, independent data stores, isolated deployment, orchestration, and effective monitoring, each illustrated with concrete examples.

Backend ArchitectureDevOpsDevSecOps

0 likes · 14 min read

How to Build an Efficient, Low‑Complexity Microservices Architecture

DevOps Cloud Academy

Nov 27, 2023 · Operations

Implementing a DevSecOps CI/CD Pipeline for Multi‑Language Applications with Jenkins

This article walks through building a comprehensive DevSecOps CI/CD pipeline in Jenkins that integrates source control, static analysis, vulnerability scanning, multi‑language builds, Docker image creation, Trivy security checks, Kubernetes deployment, and ZAP DAST testing to securely deliver applications across various runtimes.

DevSecOpsDockerJenkins

0 likes · 18 min read

Implementing a DevSecOps CI/CD Pipeline for Multi‑Language Applications with Jenkins

Efficient Ops

Nov 7, 2023 · Information Security

How CICC Achieved Advanced DevSecOps Standards: A Deep Dive into Their Success

CICC’s two flagship projects passed the DevSecOps Level‑2 security and risk management assessments, showcasing how the firm integrated security into its DevOps pipeline, overcame cultural and technical challenges, and plans further enhancements to maintain a leading position in China’s financial sector.

CICCDevOps assessmentDevSecOps

0 likes · 16 min read

How CICC Achieved Advanced DevSecOps Standards: A Deep Dive into Their Success

Efficient Ops

Nov 1, 2023 · Information Security

How CICC Reached Advanced DevSecOps Standards: Inside Their Security Success

The article details CICC's successful completion of multiple DevSecOps assessments, shares interview insights from senior IT leaders on cultural, process, and technical implementations, and provides an overview of the DevOps capability maturity model and industry participation statistics, illustrating how standardized DevOps practices boost security and efficiency.

Case StudyContinuous DeliveryDevOps

0 likes · 16 min read

How CICC Reached Advanced DevSecOps Standards: Inside Their Security Success

Efficient Ops

Oct 30, 2023 · Information Security

How Inner Mongolia Mobile Reached Advanced DevSecOps Standards in China

Inner Mongolia Mobile’s Unified 4A System passed the CAICT DevSecOps Level‑2 security assessment, showcasing how standardized DevOps practices, cultural shifts, process improvements, and automation tools can elevate an enterprise’s security maturity and drive digital transformation.

ChinaDevOpsDevSecOps

0 likes · 11 min read

How Inner Mongolia Mobile Reached Advanced DevSecOps Standards in China

Efficient Ops

Oct 27, 2023 · Information Security

How CICC’s iBanker Project Achieved Advanced DevSecOps Certification

At the 2023 GOPS Global Operations Conference, China International Capital Corporation (CICC) showcased its successful DevSecOps Level‑2 assessments for two major projects, revealing detailed cultural, process, and technical practices that elevated its security posture and set a benchmark for the industry.

CICCDevOpsDevSecOps

0 likes · 15 min read

How CICC’s iBanker Project Achieved Advanced DevSecOps Certification

Huolala Tech

Oct 23, 2023 · Information Security

How Huolala Secures Kubernetes: Real-World Container Security Practices

This article details Huolala's end‑to‑end container security strategy—from Kubernetes component basics and a real unauthorized‑access incident to lifecycle‑based safeguards, threat‑matrix guidance, image/ecosystem/baseline/runtime protections, and a custom HIDS architecture—offering practical insights for cloud‑native environments.

Cloud NativeContainer SecurityDevSecOps

0 likes · 14 min read

How Huolala Secures Kubernetes: Real-World Container Security Practices

DevOps Operations Practice

Oct 8, 2023 · Information Security

Essential DevSecOps Tools for Securing CI/CD Pipelines

This article introduces five open‑source DevSecOps tools—Trivy, Gerrit, OWASP Dependency‑Check, Arachni, and Falco—that help integrate automated security checks into CI/CD pipelines, improve vulnerability detection, and ensure compliance throughout the software delivery process.

ArachniDevSecOpsFalco

0 likes · 5 min read

Essential DevSecOps Tools for Securing CI/CD Pipelines

DevOps Cloud Academy

Sep 24, 2023 · Operations

Migrating Legacy Cron Jobs to Jenkins CI/CD for a Global Cybersecurity Company

To keep ahead of hackers and fraud, a global cybersecurity firm replaced its fragmented cron‑based build, test, and release processes with a unified Jenkins CI/CD pipeline, integrating GitLab, Docker, and monitoring tools, thereby automating deployments, improving visibility, and streamlining DevSecOps across multiple projects.

AutomationDevSecOpsDocker

0 likes · 5 min read

Migrating Legacy Cron Jobs to Jenkins CI/CD for a Global Cybersecurity Company

21CTO

Sep 10, 2023 · Artificial Intelligence

Why Only 23% of DevSecOps Teams Use AI – Surprising Findings from GitLab’s 2023 Survey

A GitLab 2023 survey of over 10,000 DevSecOps professionals reveals that only 23% of teams have adopted AI in their software development lifecycle, while up to 90% plan to use it, highlighting training needs, security concerns, and the growing importance of AI for competitiveness.

AI adoptionAI toolsDevSecOps

0 likes · 7 min read

Why Only 23% of DevSecOps Teams Use AI – Surprising Findings from GitLab’s 2023 Survey

Huolala Safety Emergency Response Center

Sep 7, 2023 · Information Security

How Huolala Secured Its Kubernetes Workloads: A Deep Dive into Container Security Practices

This article details Huolala's comprehensive container‑security program, covering Kubernetes component basics, a real‑world unauthorized‑access incident, a lifecycle‑based security framework, the Microsoft threat matrix, and the design of a home‑grown HIDS architecture to protect cloud‑native workloads.

Cloud NativeContainer SecurityDevSecOps

0 likes · 12 min read

How Huolala Secured Its Kubernetes Workloads: A Deep Dive into Container Security Practices

Cloud Native Technology Community

Aug 15, 2023 · Information Security

How to Secure Container Environments with DevSecOps: A Practical Guide

This article explains why container security is critical, outlines common threats such as image vulnerabilities, runtime escapes, network isolation, compliance, and orphaned containers, and shows how DevSecOps practices and automation tools can protect the entire container lifecycle.

AutomationContainer SecurityDevSecOps

0 likes · 8 min read

How to Secure Container Environments with DevSecOps: A Practical Guide

Sohu Tech Products

Aug 9, 2023 · Information Security

Software Supply Chain Security: Risks, Attacks, and Mitigation

The article explains software supply chain security across development, delivery, and usage phases, outlines ten common vulnerabilities and four attack categories, describes attack characteristics, examines risk factors in design, code, release, and operation stages, and presents comprehensive mitigation measures including SDL phases, DevSecOps practices, and detailed lifecycle controls.

DevSecOpsSDLSecurity

0 likes · 12 min read

Software Supply Chain Security: Risks, Attacks, and Mitigation

DevOps

Aug 9, 2023 · Information Security

From DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software development lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft’s Threat Modeling Tool for risk mitigation.

DevSecOpsMicrosoft ToolSecurity Development Lifecycle

0 likes · 20 min read

From DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle and Using Microsoft Threat Modeling Tool

Efficient Ops

Jul 19, 2023 · Information Security

How Shenwan Hongyuan Achieved National‑Level DevSecOps Excellence

Shenwan Hongyuan Securities showcased its advanced DevSecOps capabilities by passing the CAICT's DevSecOps security and risk management assessment and DevOps continuous delivery level‑3 evaluation, sharing detailed cultural, process, and technical practices that boost software security across the full lifecycle.

Continuous DeliveryDevOpsDevSecOps

0 likes · 12 min read

How Shenwan Hongyuan Achieved National‑Level DevSecOps Excellence

MaGe Linux Operations

Jul 15, 2023 · Cloud Native

How to Secure Your Kubernetes Clusters with DevSecOps Best Practices

This article explains how to integrate security into the DevOps pipeline for Kubernetes, covering DevSecOps concepts, image protection, role‑based access control, network policies, encryption, etcd safeguarding, and disaster‑recovery strategies to keep clusters safe and releases fast.

DevSecOpsKubernetesNetworkPolicy

0 likes · 21 min read

How to Secure Your Kubernetes Clusters with DevSecOps Best Practices

DevOps Operations Practice

Jul 9, 2023 · Information Security

Understanding DevSecOps: Concepts, Tools, and Benefits

This article explains how DevSecOps integrates security into DevOps pipelines, outlines its definition and differences from traditional DevOps, reviews popular tools such as Trivy, Gerrit, OWASP Dependency‑Check, Arachni, and Falco, and highlights the operational and cost benefits of early security integration.

AutomationDevOpsDevSecOps

0 likes · 7 min read

Understanding DevSecOps: Concepts, Tools, and Benefits

DevOps

Jun 27, 2023 · Information Security

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.

DevSecOpsMicrosoftOWASP

0 likes · 20 min read

From DevOps to DevSecOps: Understanding Threats, Security Practices, and Using Microsoft Threat Modeling Tool

Efficient Ops

Jun 24, 2023 · Information Security

How ICBC Built a DevSecOps Security Framework to Accelerate Safe Software Delivery

This article explains how ICBC's software development center integrated DevSecOps practices—embedding security awareness, automating toolchains, and using metric‑driven assessments—to reduce vulnerabilities, lower compliance risk, and support a cloud‑native, secure smart‑banking ecosystem.

DevSecOpsinformation securitysecurity automation

0 likes · 8 min read

How ICBC Built a DevSecOps Security Framework to Accelerate Safe Software Delivery

Software Development Quality

May 16, 2023 · Information Security

Mastering DevSecOps: Essential Security Testing Strategies for Modern Applications

As DevOps accelerates software delivery, integrating robust security testing—through static, dynamic, interactive application security testing and software composition analysis—becomes essential, and this article explains the importance, methods, tools, and best practices, including Huawei Cloud’s approach, to ensure comprehensive protection across the development lifecycle.

DASTDevSecOpsIAST

0 likes · 15 min read

Mastering DevSecOps: Essential Security Testing Strategies for Modern Applications

DevOps Cloud Academy

May 15, 2023 · Information Security

GitLab 2023 DevSecOps Survey Highlights Security Priorities, AI/ML Adoption, and Toolchain Integration Challenges

The 2023 GitLab DevSecOps survey of over 5,000 IT leaders, CISOs, and developers across multiple industries reveals heightened security focus, growing AI/ML use in testing, and persistent tool‑chain management obstacles that hinder productivity and compliance efforts.

AI/MLDevSecOpsGitLab

0 likes · 5 min read

GitLab 2023 DevSecOps Survey Highlights Security Priorities, AI/ML Adoption, and Toolchain Integration Challenges

DevOps Cloud Academy

May 14, 2023 · Information Security

Implementing DevOps Quality Gates: Benefits, Practices, and Top Tools

The article explains how DevSecOps‑driven quality gates shift security left in the SDLC, improve code quality and agility, reduce technical debt, and outlines five leading static analysis tools for enforcing these gates in modern CI/CD pipelines.

DevOpsDevSecOpsSecurity

0 likes · 9 min read

Implementing DevOps Quality Gates: Benefits, Practices, and Top Tools

Software Development Quality

May 13, 2023 · Information Security

Top SAST and DAST Tools for DevSecOps: Boost Your Software Security

This article explains how security testing tools integrate into DevOps to form a DevSecOps model, outlines the differences between static and dynamic application security testing, and reviews popular SAST and DAST solutions that help protect software throughout its lifecycle.

DASTDevSecOpsSAST

0 likes · 10 min read

Top SAST and DAST Tools for DevSecOps: Boost Your Software Security

MaGe Linux Operations

Apr 19, 2023 · Cloud Native

How to Securely Validate Kubernetes YAML: Best Practices & Tools

This article explains why YAML is the preferred format for defining Kubernetes applications, outlines the three validation levels—structural, semantic, and security—and recommends practical tools and best‑practice workflows to ensure configurations are correct and safe before deployment.

Configuration ValidationDevSecOpsKubeval

0 likes · 7 min read

How to Securely Validate Kubernetes YAML: Best Practices & Tools

Efficient Ops

Apr 8, 2023 · Information Security

How China Postal Savings Bank Reached Advanced DevSecOps Maturity – Lessons and Practices

The article details China Postal Savings Bank's successful DevSecOps assessment at the 2023 GOPS Global Operations Conference, sharing the bank's project background, interview insights on culture, processes, and tooling, and outlining the benefits and future plans of adopting standardized DevSecOps practices.

BankingDevSecOpsMaturity Model

0 likes · 17 min read

How China Postal Savings Bank Reached Advanced DevSecOps Maturity – Lessons and Practices

Efficient Ops

Apr 7, 2023 · Information Security

How China Postal Savings Bank Achieved Advanced DevSecOps Maturity – A Deep Dive

The article details China Postal Savings Bank's successful DevSecOps assessment, describing the standards, the Operation Risk Management System project, interview insights on cultural, process, and technical implementations, and the benefits and future plans for secure, agile digital transformation.

BankingDevOpsDevSecOps

0 likes · 16 min read

How China Postal Savings Bank Achieved Advanced DevSecOps Maturity – A Deep Dive

Efficient Ops

Mar 29, 2023 · Information Security

Securing the Software Supply Chain in Agile Development

This article examines the rising software supply‑chain security risks in fast‑paced agile development, outlines regulatory pressures, and presents a comprehensive management framework—including policies, dynamic asset views, full‑lifecycle risk identification, and DevSecOps practices—to help enterprises mitigate vulnerabilities and ensure secure delivery.

Agile DevelopmentDevSecOpssoftware supply chain

0 likes · 8 min read

Securing the Software Supply Chain in Agile Development

Cloud Native Technology Community

Mar 21, 2023 · Information Security

2022 Cloud Native Security State Report: Key Findings on Cloud Expansion, Security Posture, and Drivers

The 2022 Cloud Native Security State Report reveals that while enterprises increased cloud usage by over 25% during the pandemic, many face security and compliance challenges, and highlights how strong security posture, DevSecOps integration, and automation dramatically reduce friction and boost operational efficiency.

Cloud NativeDevSecOpscloud adoption

0 likes · 6 min read

2022 Cloud Native Security State Report: Key Findings on Cloud Expansion, Security Posture, and Drivers

DevOps

Mar 20, 2023 · Information Security

2023 DevSecOps Forecast: Five Key Trends Shaping Software Supply Chain Security, AI/ML Integration, and Observability

The 2023 DevSecOps forecast highlights five major trends—including prioritizing software supply‑chain security, embedding security education in DevOps, pervasive AI/ML across the SDLC, deeper value‑stream analysis, and left‑shifting observability—while emphasizing zero‑trust, SBOM adoption, and the growing role of security in cloud‑native environments.

AI/MLDevSecOpsSecurity

0 likes · 7 min read

2023 DevSecOps Forecast: Five Key Trends Shaping Software Supply Chain Security, AI/ML Integration, and Observability

21CTO

Mar 3, 2023 · Fundamentals

11 Software Development Trends Shaping 2023 – From Low‑Code to AI

The article outlines eleven key software development trends for 2023, including the surge of low‑code/no‑code platforms, cloud adoption driven by remote work, rising cybersecurity threats, rapid AI integration, Rust's popularity, IoT expansion, progressive web apps, microservices, blockchain adoption, talent shortages prompting outsourcing, and the growing importance of DevSecOps.

AIBlockchainDevSecOps

0 likes · 22 min read

11 Software Development Trends Shaping 2023 – From Low‑Code to AI

DevOps

Jan 12, 2023 · Information Security

Understanding DevSecOps: Integrating Security into DevOps Practices

DevSecOps integrates security into every stage of the DevOps lifecycle, addressing cultural, technical, and organizational challenges through practices such as early security integration, automated testing, skill training, tool integration, compliance, and continuous monitoring, ultimately enabling faster, safer software delivery.

AutomationDevOpsDevSecOps

0 likes · 15 min read

Understanding DevSecOps: Integrating Security into DevOps Practices

Efficient Ops

Jan 11, 2023 · Information Security

How Anxin Securities Achieved Advanced DevSecOps Maturity in Financial Services

Anxin Securities' Financial Store system passed the level‑2 DevSecOps assessment by China CAICT, showcasing how cultural, process, and technical practices were integrated to enhance security, efficiency, and digital transformation in a large‑scale financial trading platform.

DevOpsDevSecOpsDigital Transformation

0 likes · 14 min read

How Anxin Securities Achieved Advanced DevSecOps Maturity in Financial Services

Efficient Ops

Jan 11, 2023 · Information Security

How HaiTong Securities Achieved Advanced DevSecOps Maturity: An Inside Look

This article details HaiTong Securities' journey through the DevSecOps assessment, showcasing their eHaiTongCai data service platform, interview insights from senior managers, the security challenges they faced, and the concrete steps they took to embed security across the entire software lifecycle.

Case StudyContinuous DeliveryDevOps

0 likes · 14 min read

How HaiTong Securities Achieved Advanced DevSecOps Maturity: An Inside Look

Efficient Ops

Jan 11, 2023 · Operations

How a Securities Firm Achieved DevSecOps Maturity to Boost Transformation

The article details how China’s CITIC Securities leveraged the national DevOps and DevSecOps maturity models, passed Level 2 security assessments, and integrated cultural, procedural, and technical practices to enhance its institutional business service platform, improve security, and accelerate its digital transformation.

Case StudyDevOpsDevSecOps

0 likes · 11 min read

How a Securities Firm Achieved DevSecOps Maturity to Boost Transformation

Efficient Ops

Jan 11, 2023 · Information Security

How Zhongtai Securities Achieved Advanced DevSecOps Maturity

Zhongtai Securities shares how adopting DevSecOps standards, integrating security into every stage of its DevOps pipeline, and leveraging automated testing tools dramatically improved delivery speed, reduced vulnerabilities, and positioned the firm at an advanced domestic security level, as confirmed by the latest CAICT assessment.

Continuous DeliveryDevOpsDevSecOps

0 likes · 12 min read

How Zhongtai Securities Achieved Advanced DevSecOps Maturity

Efficient Ops

Jan 10, 2023 · Information Security

How China’s Leading Bank Achieved Advanced DevSecOps Maturity: An Inside Interview

This article reports on the China Academy of Information and Communications Technology's DevOps standard assessments, highlights Industrial and Commercial Bank of China's successful Level‑2 DevSecOps evaluation, and presents an in‑depth interview revealing the bank’s cultural, process, and technical practices that boosted its security risk management and digital transformation.

BankingDevOps StandardsDevSecOps

0 likes · 11 min read

How China’s Leading Bank Achieved Advanced DevSecOps Maturity: An Inside Interview

DevOps Cloud Academy

Dec 30, 2022 · Information Security

Scanning GitLab Repositories for Secrets Using Custom Secret Detection Rules

This guide explains how to configure and run GitLab secret detection to scan a repository for exposed credentials such as passwords, API keys, JWTs, and private keys, using custom rules, test files, pipeline execution, and result analysis.

DevSecOpsGitLabGitleaks

0 likes · 8 min read

Scanning GitLab Repositories for Secrets Using Custom Secret Detection Rules

Efficient Ops

Dec 28, 2022 · Information Security

How China Agricultural Bank Achieved Advanced DevSecOps Maturity

In a detailed interview, senior engineers from China Agricultural Bank explain how their mobile banking payment and micro‑loan platforms passed the CAICT DevSecOps Level‑2 assessment, outlining the cultural, process, and technical measures—such as integrated security testing tools and cross‑department collaboration—that boosted security, efficiency, and digital transformation.

BankingDevOpsDevSecOps

0 likes · 14 min read

How China Agricultural Bank Achieved Advanced DevSecOps Maturity

DevOps Cloud Academy

Oct 17, 2022 · Information Security

Tencent Cloud’s DevSecOps Practices and Open‑Source Governance – Conference Presentation

In a CIS2021 conference talk, Tencent Cloud’s product security lead outlines the company’s DevSecOps journey, detailing challenges of heterogeneous infrastructure, a risk‑introduction workflow, multi‑stage security evolution, tool integration, metrics, and open‑source governance practices.

DevSecOpsTencent Cloudcloud security

0 likes · 15 min read

Tencent Cloud’s DevSecOps Practices and Open‑Source Governance – Conference Presentation

Alibaba Cloud Native

Sep 28, 2022 · Cloud Native

How Lixun Logistics Cut Registry Complexity by 50% with Alibaba Cloud ACR EE

Facing high operational costs and scaling challenges with its self-built Harbor registry, Lixun Logistics migrated core container images to Alibaba Cloud’s ACR Enterprise Edition, achieving a 50% reduction in registry complexity, 60% faster image distribution, and enhanced security across multi-region deployments.

ACR EEAlibaba CloudCloud Native

0 likes · 9 min read

How Lixun Logistics Cut Registry Complexity by 50% with Alibaba Cloud ACR EE

DevOps Cloud Academy

Sep 17, 2022 · Operations

Implementing DevSecOps with Jenkins Template Engine (JTE): Setup, Configuration, and Pipeline Testing

This article explains how to implement DevSecOps across an enterprise using Jenkins Template Engine (JTE), covering preparation of library resources, pipeline template configuration, plugin installation, and a complete pipeline test with sample code and console output.

AutomationDevSecOpsJenkins

0 likes · 4 min read

Implementing DevSecOps with Jenkins Template Engine (JTE): Setup, Configuration, and Pipeline Testing

DevOps

Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DASTDevSecOpsIAST

0 likes · 13 min read

Security Testing Practices in DevSecOps and Huawei Cloud

DevOps

Aug 3, 2022 · Information Security

Secure Design in DevSecOps: Principles, Threat Modeling, and Huawei Cloud Practices

This article explains how integrating secure‑by‑design principles into DevSecOps accelerates software delivery while reducing risk, outlines key security architecture concepts such as the CIA triad and design principles, describes threat‑modeling methods, and showcases Huawei Cloud’s practical security design, data protection, and privacy solutions.

DevSecOpsHuawei CloudSecure Design

0 likes · 12 min read

Secure Design in DevSecOps: Principles, Threat Modeling, and Huawei Cloud Practices

DevOps Cloud Academy

Jul 21, 2022 · Information Security

Insights on DevSecOps and Code‑Vaccine Technology from XMirror Security Founder

In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.

Code VaccineDevSecOpsIAST

0 likes · 10 min read

Insights on DevSecOps and Code‑Vaccine Technology from XMirror Security Founder

DevOps Cloud Academy

Jul 11, 2022 · Information Security

Understanding DevOps, SecOps, and DevSecOps: Definitions, Benefits, and Choosing the Right Approach

This article explains the concepts of DevOps, SecOps, and DevSecOps, outlines their core principles and benefits, compares their focus on collaboration, automation, and security, and provides guidance on selecting the most suitable approach for organizations seeking integrated development, operations, and security practices.

AutomationCollaborationDevOps

0 likes · 7 min read

Understanding DevOps, SecOps, and DevSecOps: Definitions, Benefits, and Choosing the Right Approach

dbaplus Community

Jul 2, 2022 · Information Security

How Top Banks Deploy DevSecOps to Strengthen Enterprise Security – Insights from a 2022 GDevOps Summit

The article summarizes Wei Yadong’s 2022 GDevOps Global Agile Operations Summit talk, covering the escalating threat landscape, financial industry security requirements, practical DevSecOps strategies, ICBC’s security transformation, and future trends such as security mesh, privacy‑enhancing computation, and decision intelligence.

DevSecOpsFinancial ServicesSecurity Operations

0 likes · 23 min read

DevOps

Jul 1, 2022 · Information Security

Understanding DevSecOps: Concepts, Benefits, and Practical Implementation

This article explains what DevSecOps is, why traditional security approaches no longer suffice in fast‑paced software delivery, outlines its key advantages such as risk control and cost reduction, and provides detailed guidance on organizational, process, and technology practices—including tool recommendations and CI/CD pipeline integration—to embed security throughout the software lifecycle.

AutomationDevOpsDevSecOps

0 likes · 17 min read

Understanding DevSecOps: Concepts, Benefits, and Practical Implementation

DevOps

Jun 30, 2022 · Information Security

2022 DevSecOps Pipeline, Framework, and Best Practices

This article provides a comprehensive overview of DevSecOps, explaining its definition, pipeline stages, detailed framework, and the top five best practices for 2022 to help organizations integrate security throughout the software development lifecycle.

DevSecOpsPipeline

0 likes · 13 min read

Efficient Ops

Jun 22, 2022 · Information Security

How ICBC Secures Its Software with DevSecOps: Practical Insights

This article explains how Industrial and Commercial Bank of China integrates security into its DevOps pipeline through DevSecOps, detailing challenges, toolchain implementation, CI/CD security measures, and ongoing plans to strengthen software security in a fast‑changing financial environment.

AutomationDevSecOpsbanking IT

0 likes · 6 min read

How ICBC Secures Its Software with DevSecOps: Practical Insights

DevOps Cloud Academy

Jun 20, 2022 · Information Security

In-Depth Analysis of DevSecOps Pipeline, Framework, and 2022 Best Practices

This article provides a comprehensive overview of DevSecOps, explaining its definition, pipeline stages, framework components, and the top five best practices for 2022 to help organizations integrate security throughout the software development lifecycle.

AutomationDevSecOpsSecurity

0 likes · 12 min read

In-Depth Analysis of DevSecOps Pipeline, Framework, and 2022 Best Practices

Meituan Technology Team

May 26, 2022 · Information Security

Building and Deploying Software Composition Analysis (SCA) for Enterprise Security

The article analyzes the rising threat of open‑source components, explains Software Composition Analysis (SCA) and SBOM generation, outlines the three‑stage process for building an in‑house SCA capability, discusses practical challenges such as data quality and integration, and looks ahead to future standards and open‑source tools.

DevSecOpsNLPSBOM

0 likes · 37 min read

Building and Deploying Software Composition Analysis (SCA) for Enterprise Security

Cloud Native Technology Community

Apr 14, 2022 · Information Security

Navigating Cloud‑Native Security: Six Critical Risks and DevSecOps Solutions

The article examines how rapid cloud‑native adoption reshapes application design and operations while introducing six distinct security risks, and proposes a comprehensive DevSecOps framework that integrates early‑stage security controls across infrastructure, compute, development, and management to protect modern containerized environments.

ContainerDevSecOpsKubernetes

0 likes · 13 min read

Navigating Cloud‑Native Security: Six Critical Risks and DevSecOps Solutions

DevOps Engineer

Mar 2, 2022 · Operations

Top DevOps Trends to Watch in 2022 and Industry Q&A

The article outlines the 2022 DevOps landscape, highlighting trends such as serverless computing, microservice growth, Kubernetes adoption, and the rise of DevSecOps, while also providing expert Q&A on tools, security, platform selection, and future opportunities.

DevSecOpsKubernetesMicroservices

0 likes · 9 min read

DevOps

Feb 25, 2022 · Information Security

Docker and Kubernetes Security: Challenges, 26 Docker Best Practices, and 7 Kubernetes Hardening Guidelines

This article explains why Docker, the dominant container runtime, introduces significant security risks, outlines eight key container‑security challenges, provides 26 practical Docker hardening recommendations, adds seven Kubernetes protection best practices, and lists eleven essential questions for assessing a secure cloud‑native environment.

DevSecOpsbest practicesinformation security

0 likes · 14 min read

Docker and Kubernetes Security: Challenges, 26 Docker Best Practices, and 7 Kubernetes Hardening Guidelines

DevOps

Feb 22, 2022 · Information Security

From DevOps to DevSecOps: Evolution, Benefits, and Implementation Challenges

This article traces the development of DevOps, explains how its evolution into DevSecOps integrates security early in the software lifecycle, outlines the resulting benefits of faster, cheaper, and safer delivery, and discusses the technical, cultural, and organizational challenges that must be overcome for successful adoption.

AutomationDevOpsDevSecOps

0 likes · 13 min read

DevOps

Jan 21, 2022 · Information Security

Enterprise DevSecOps: Integrating Security into DevOps

This article provides a comprehensive guide to implementing DevSecOps in enterprises, covering fundamental principles, collaboration between security and development teams, integration of security testing, building a secure toolchain, and practical strategies for scaling security within DevOps pipelines.

AutomationDevOpsDevSecOps

0 likes · 62 min read

DevOps

Jan 19, 2022 · Fundamentals

Evolution of Software Testing and Continuous Testing Practices in DevOps

This article reviews the historical evolution of software testing, explains the concepts of continuous testing within DevOps, outlines testing lifecycles, tools, and models, and looks ahead to emerging trends such as DevSecOps and AI‑driven autonomous testing.

AI testingDevOpsDevSecOps

0 likes · 14 min read

Evolution of Software Testing and Continuous Testing Practices in DevOps

DevOps Cloud Academy

Jan 5, 2022 · Operations

Top DevOps Trends Shaping the Future (2022 and Beyond)

This article outlines the major DevOps trends—including micro‑service architecture, serverless computing, low‑code platforms, Kubernetes evolution, DevSecOps, and AI integration—that are expected to drive faster delivery, higher quality, and greater agility in software development and operations.

AIDevOpsDevSecOps

0 likes · 6 min read

Top DevOps Trends Shaping the Future (2022 and Beyond)

Architecture and Beyond

Jan 2, 2022 · Information Security

Building an Application Security System: SDL and DevSecOps Approaches

The article examines application security challenges for startups, presents statistical attack data, defines what application security entails, outlines common security issues, and compares two main frameworks—Microsoft's Security Development Lifecycle (SDL) and DevSecOps—offering guidance on selecting and implementing a suitable security system.

Application SecurityDevSecOpsSDL

0 likes · 16 min read

Building an Application Security System: SDL and DevSecOps Approaches

Efficient Ops

Dec 27, 2021 · Information Security

How Zhengzhou Bank Achieved Advanced DevSecOps Maturity – Insights from the CAICT Assessment

Zhengzhou Bank’s electronic banking system passed the Level 2 security‑operation assessment of the DevSecOps standard, showcasing how standardization, tool empowerment, and a culture of shared security responsibility can elevate a financial institution’s DevOps practices to an advanced domestic level.

BankingDevOpsDevSecOps

0 likes · 14 min read

How Zhengzhou Bank Achieved Advanced DevSecOps Maturity – Insights from the CAICT Assessment

Efficient Ops

Dec 27, 2021 · Information Security

Zhongtai Securities’ Path to Advanced DevSecOps Maturity – Key Takeaways

The 2021 GOLF+ IT Governance Forum highlighted Zhongtai Securities’ successful DevSecOps assessment, revealing how the company’s online business system met the second‑level security and risk management standards, and sharing detailed insights on cultural, procedural, and technical practices that drove their advanced security maturity.

DevOpsDevSecOpsMaturity Assessment

0 likes · 10 min read

Zhongtai Securities’ Path to Advanced DevSecOps Maturity – Key Takeaways

Efficient Ops

Dec 27, 2021 · Information Security

How GuoXin Securities Achieved Advanced DevSecOps Maturity in Its GoldSun App

GuoXin Securities' GoldSun platform passed the CAICT DevSecOps Level‑2 security and risk management assessment, showcasing how standardization, tool empowerment, and a collaborative DevOps culture can elevate a financial app's security posture to an advanced domestic level.

DevOpsDevSecOpsMaturity Assessment

0 likes · 10 min read

How GuoXin Securities Achieved Advanced DevSecOps Maturity in Its GoldSun App