Posts

Why AI-Generated Code Is Raising the Stakes for Secrets Management

Following a $50 million funding round, GitGuardian CEO Eric Fourrier discusses why secrets security is becoming a much bigger problem in the age of AI-generated code and autonomous agents. As more organizations rush to deploy coding assistants and AI agents, Fourrier argues that the number of exposed credentials, API keys and tokens is rising just as quickly, creating new risks for DevSecOps teams already struggling to manage software supply chain security. Fourrier explains that AI agents need access to data and systems to be useful, but many organizations are still handling that access the old way by handing over secrets. That, he says, is accelerating an already serious problem. Secrets are ending up in code, collaboration tools, tickets, developer laptops and other places where they can be exposed, reused or stolen. While early concerns focused on whether large language models themselves might reveal secrets from training data, Fourrier says the bigger issue now is how humans...
Recent posts

On-Call Rotation Best Practices: Reducing Burnout and Improving Response 

It’s 2:47 a.m. Your phone buzzes. An alert fires again. You acknowledge it, diagnose the issue half asleep, patch it, write a quick note and crawl back to bed. Three hours later, you’re at your desk like nothing happened. If that sounds familiar, you’re not alone. On-call duty is one of the most important, and most mismanaged, responsibilities in engineering. If done right, it protects your systems and distributes the load fairly. If done wrong, it destroys team morale and drives your best engineers to the door. According to the 2024 State of Engineering Management Report, 65% of engineers reported experiencing burnout in the past year. On-call stress is a major contributing factor, and it compounds quickly when rotations are poorly designed, alert noise is high and there’s no automation to catch the easy stuff. This guide covers the on-call best practices that high-performing SRE and platform engineering teams actually ...

Can QA Reignite its Purpose in the Agentic Code Generation Era?

The landscape of software development is undergoing a seismic shift, driven by the unprecedented acceleration of AI systems in code generation. This surge is not merely an incremental improvement but a fundamental transformation, substantially increasing both the volume and surface coverage of software. Developers are rapidly adopting AI into their workflow, with 84% reporting using it in 2025, up from 76% the prior year. This statistic underscores a consensus: developers view AI as an essential catalyst for saving time and delivering superior results. Today, AI tools are responsible for crafting an estimated 41% of all code, cementing their role as indispensable co-pilots, and even pilots, in the development process. For any solution in this space to succeed, three things must hold. These are no longer optimizations but prerequisites for unlocking agentic QA: Execution must be deterministic across runs. Environments must be fully isolated and reproducible at scale. Systems m...

Survey Sees DevOps Workflows Evolving in the Age of AI

A global survey of 820 IT decision makers and DevOps practitioners finds that half of respondents (53%) report that developers in the age of artificial intelligence (AI) are now authoring more tests directly. The survey was conducted by Perforce, and that shift also appears to be enabling a similar percentage of organizations (55%) to provide quality assurance (QA) teams with more time to focus on analytics. Perforce CTO Anjali Arora said it appears that organizations are investing more time and effort in testing to prevent suboptimal code, otherwise known as AI slop, from being incorporated into software builds. That effort, in fact, also appears to be spurring more adoption of best DevSecOps practices, with 52% of respondents reporting their software development teams are embedding secure coding practices into the continuous integration/continuous delivery (CI/CD) platform. Half (50%) are also embedding security practices in code review, while 49% also extend security practices into runtime or pr...

Codenotary Previews AI Platform to Autonomously Detect and Remediate IT Issues

Codenotary is previewing a software-as-a-service (SaaS) platform that enables artificial intelligence (AI) agents it has developed to autonomously detect, prioritize, and fix security, configuration, and performance issues. Company CEO Moshe Bar said the Codenotary Trust platform also enables continuous vulnerability tracking at both the Linux operating system and application level. Once an issue is detected, […] from DevOps.com https://ift.tt/yBg7Krm

When AI Gets It Wrong: The Insecure Defaults Lurking in Your Code

The arrival of generative AI in the software development lifecycle (SDLC) is arguably the biggest shift in coding in decades. For development teams, tools like GitHub Copilot and other AI assistants act as a massive force multiplier, automating boilerplate, suggesting complex logic, and significantly accelerating time-to-commit. But as organizations rush to equip their teams, a […] from DevOps.com https://ift.tt/12oekf6

Chainguard Expands Repository to Add More Secure Open Source Libraries

Learn how Chainguard is strengthening software supply chains by expanding its secure repository of Java, JavaScript, and Python libraries, enabling DevOps teams to access components compliant with SLSA framework standards. from DevOps.com https://ift.tt/qaWQFGg