GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.
By replacing static, manual self-attestation reports with autonomous, clear, contextual insights and analysis, this new visualization feature helps security teams understand their fast-changing software architecture and pinpoint threats with a visual inventory of critical software components.
“Without a continuous view of software architecture across design, development, and runtime, it’s impossible to effectively identify, prioritize, remediate and prevent application risks,” said Idan Plotnik, co-founder and CEO of Apiiro. “Apiiro is committed to equipping customers with security insights that are intuitive, actionable, and focused, rather than overwhelming. Software Graph Visualization eliminates the need to interview developers or use self-based attestation questionnaires that make it hard to identify how software components connect and where security risks emerge. By using AI agents to generate a visual map of the entire software inventory—along with contextual security review questions and threat model stories—security teams can quickly identify, prioritize, remediate, and communicate risks, all backed by clear, data-driven insights that support faster, more informed decisions.”
Software Graph Visualization delivers question-driven, dynamic graphs that map risk exposure, attack surfaces, and sensitive data flow in an intuitive, real-time format. It is automatically and continuously updated, using deep code analysis to analyze the context and relationships of software components in real time to uncover risk exposure, enabling customers to address the following use cases:
- Threat modeling: Achieve the visibility to proactively assess risk and vulnerabilities in designs and evaluate how sensitive data moves across boundaries, ensuring all communication and access points are secure and appropriately guarded.
- Pen-test scoping: Attain comprehensive understanding of attack surfaces to successfully scope tests. The graph visualizes API architecture and data flow, highlighting risky entry points, potential vulnerabilities, and business critical areas of the system that are more prone to exploitation, allowing security teams to focus efforts on the most vulnerable parts of the system and ensure a more targeted and effective pen-test.
- Change impact assessment: Effectively assess risk introduced by new code changes by comparing pre-release and post-release states of the application. By showing how material changes affect systems over time, the graph highlights new technologies, exit points, endpoints, dependencies, and sensitive data added. This enables security teams to ask smarter, more in-depth questions about the specific changes that occurred, moving beyond self-attestation and ensuring new risks are identified and addressed with greater precision.
- Privacy review: Streamline the identification of privacy risks with sensitive data, allowing users to track where personal and confidential data is moving and whether it’s being shared or exposed. Key questions like “Am I sending PII to GenAI?” or “Should I obfuscate this data?” are addressed through the graph, offering a clear overview of potential privacy risks.
- Blast radius analysis: Ability to measure potential spread and impact of security breaches. The graph visualizes not just where sensitive data is used, but also the dependencies within open-source software and infrastructure, enabling assessment of the wider impact and scope of security incidents, helping users prioritize risk mitigation efforts effectively.
- Toxic combinations: Effectively identify dangerous combinations across the application.
- Vulnerability management: Efficiently prioritize and remediate vulnerabilities with complete context.
Industry News
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families, extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium, the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.