The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.
The partnership combines CodeSecure’s CodeSentry Binary Composition Analysis (BCA) capabilities within FOSSA’s advanced software supply chain analysis and SBOM management platform. This single integrated solution provides continuous visibility for proactively detecting and mitigating software security vulnerabilities and compliance violations at every stage of the software development lifecycle (SDLC).
The CodeSentry-FOSSA integration allows App Developers and DevSecOps teams to generate comprehensive SBOMs that account for both open source and binaries contained in their software builds—providing comprehensive transparency into vulnerabilities, dependencies, and compliance violations. By identifying vulnerabilities during the development phase—when they are easier and more cost-effective to remediate—this integrated platform reduces risk and accelerates secure software delivery.
“Modern software applications are constantly growing in complexity and composed of components that developers might not fully control or even see,” said Mike Dager, CEO of CodeSecure. “Our partnership with FOSSA creates a single, cohesive platform that ensures comprehensive visibility into both open source and binary code, allowing teams to confidently manage their software supply chains from development through deployment.”
"Customers expect seamless security insights across the entire software supply chain, including first-party code, open source components, and binaries,” said Kevin Wang, CEO of FOSSA. “Integrating CodeSecure’s market leading binary analysis capabilities into the FOSSA platform allows our customers to comprehensively inventory and secure their software—eliminating critical blindspots and enhancing their security posture.”
The FOSSA platform, pre-integrated with CodeSecure CodeSentry, addresses the following DevSecOps needs:
- Comprehensive SBOM Generation: Consolidates insights from both source and binary code analysis to produce accurate, complete software inventories.
- Early Vulnerability Detection and Remediation: Identifies and helps mitigate vulnerabilities early in the development lifecycle, reducing complexity and cost.
- Unified Security and Compliance Management: Provides a single source for maintaining software licensing compliance and securing third-party dependencies.
The FOSSA platform, pre-integrated with CodeSecure’s BCA, is available immediately.
Industry News
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.
Zencoder announced the launch of Zen Agents, delivering two innovations that transform AI-assisted development: a platform enabling teams to create and share custom agents organization-wide, and an open-source marketplace for community-contributed agents.
AWS announced the preview of the Amazon Q Developer integration in GitHub.
The OpenSearch Software Foundation, the vendor-neutral home for the OpenSearch Project, announced the general availability of OpenSearch 3.0.