GitLab announced the launch of GitLab 18, including AI capabilities natively integrated into the platform and major new innovations across core DevOps, and security and compliance workflows that are available now, with further enhancements planned throughout the year.
Data Theorem announced the launch of Code Secure, the latest evolution in application security designed to protect the software supply chain from code to deployment.
Code Secure integrates Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Supply Chain Security capabilities—including Software Bill of Materials (SBOM) management—into a comprehensive product offering.
This solution offers application security teams dynamically verified insights into vulnerabilities, open-source dependencies, and the overall software composition, encompassing both first and third-party components. By automating the analysis of security issues across the entire codebase, Code Secure minimizes the manual effort involved in sifting through vast amounts of data. It empowers teams to prioritize the most critical vulnerabilities, enabling faster remediation and strengthening security earlier in the development lifecycle. This proactive approach significantly reduces the risk of breaches, while ensuring continuous compliance with industry standards, providing peace of mind as applications scale in complexity.
Code Secure's Full Stack Security analysis offers advantages by providing visibility across all layers of an application's architecture—from code, APIs, and open-source libraries to cloud environments and third-party components. By connecting these elements in a single, cohesive view, Code Secure enables security teams to not only identify vulnerabilities in isolation but to understand how they interrelate and impact the overall security posture. This full-stack visibility allows teams to address root causes more effectively, improving the accuracy of risk assessments and enhancing their ability to defend against evolving attack vectors. Ultimately, this helps organizations maintain a stronger, more resilient security posture, even as applications evolve through development, deployment, and scaling.
"Data Theorem is committed to leading the market in application and API security innovation," said Doug Dooley, COO at Data Theorem. "With Code Secure, we've built on the foundation of our Supply Chain Secure product to offer an integrated approach that helps security and DevOps teams confidently secure their software. By consolidating SAST, SCA, and SBOM management with real-time verification and attack path visualization, Code Secure delivers unparalleled protection for organizations. This new, integrated code security offering delivers significant cost savings and simplicity for customers seeking to eliminate complexity and alert fatigue often associated with their legacy SAST and SCA scanning tools."
Key Differentiators of Code Secure Include:
- Tool Consolidation: Code Secure integrates SAST, SCA, Supply Chain, and SBOM management, reducing the need for multiple, overlapping tools.
- Dynamic Verification: DAST (Dynamic Application Security Testing) verification of code findings for APIs and applications ensures more accurate identification of vulnerabilities.
- Attack Path Visualization: Code-level violations are incorporated into attack path visualizations, providing security teams with a clearer understanding of potential exploit pathways.
Code Secure is available now.
Industry News
Perforce Software is partnering with Siemens Digital Industries Software to transform how smart, connected products are designed and developed.
Reply launched Silicon Shoring, a new software delivery model powered by Artificial Intelligence.
CIQ announced the tech preview launch of Rocky Linux from CIQ for AI (RLC-AI), an operating system engineered and optimized for artificial intelligence workloads.
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.
CodeRabbit is now available on the Visual Studio Code editor.
The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.
Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.
Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.
Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.
Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.
Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.
Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.
Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.
LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.
Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.