Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Portshift Syncs Kubernetes Policies to Container Vulnerabilities in CI/CD Pipelines
December 19, 2019
Portshift announced a new capability that delivers runtime policies for vulnerability remediation, allowing more secure workload communications.
Portshift’s risk mitigation engine connects Kubernetes network policies with discovered vulnerabilities in production workloads, allowing it to mitigate the risk potential of vulnerable containers until its replacement with a new version that removes the vulnerable component.
With Portshift, the company has taken DevSecOps to the next level with a platform that connects identified vulnerabilities with the identity of the workload, providing a measured balance that prevents workload communications based on the risk level and the potential threat to certain applications. The technology has the ability to block traffic based on the vulnerability level discovered, providing a single picture for complete visualization of these processes during runtime. This provides protection that is matched to the DevOps applications in production.
Portshift mitigates vulnerabilities with greater sophistication. Available as part of the company’s identity-based cloud native workload security and risk management platform, the technology ensures that Kubernetes environments are protected from development to runtime. When unknown, and possibly malicious workloads are detected, they are quickly identified and rapidly removed using Portshift’s innovative DevOps security platform. The company’s workload management processes offer an alternative to the use of IP addresses, ports and firewalls to secure the network perimeter as it addresses the unique security requirements of cloud-native microservices running in containers both inside and outside of the network perimeter.
“With the availability of this identity-based approach, we are actively collaborating with industry leading vulnerability scanning providers including Twistlock, Aqua and Clair to move the industry forward,“ said Zohar Kaufman, Co-Founder and VP, R&D for Portshift. “Having Portshift’s information-rich view of containers in real time will be exceedingly important in 2020 as more determined hackers continue their efforts to attack earlier in the development process in order to exploit vulnerabilities before they are addressed by DevSecOps.“
Industry News
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
