DEV Community

# devsecops

Integrating security practices into the DevOps lifecycle.

Posts

👋 Sign in for the ability to sort posts by relevant, latest, or top.
Why Every CISO Needs an AIBOM in 2026 — And What Most Vendors Miss

Why Every CISO Needs an AIBOM in 2026 — And What Most Vendors Miss

Comments
9 min read
Applying SAST to Infrastructure as Code: Unifying Cloud and Container Security with Trivy

Applying SAST to Infrastructure as Code: Unifying Cloud and Container Security with Trivy

1
Comments 1
4 min read
Shifting Mobile Security Left: Applying SAST to Android Apps with MobSF

Shifting Mobile Security Left: Applying SAST to Android Apps with MobSF

1
Comments 1
3 min read
Applying SAST Tools to Infrastructure as Code — A Hands-On Look at Checkov

Applying SAST Tools to Infrastructure as Code — A Hands-On Look at Checkov

Comments
4 min read
Applying SAST Tools to Real Applications — A Hands-On Look at Bandit

Applying SAST Tools to Real Applications — A Hands-On Look at Bandit

Comments
4 min read
Applying SAST to Infrastructure as Code: Scanning Terraform with Checkov

Applying SAST to Infrastructure as Code: Scanning Terraform with Checkov

Comments 1
5 min read
Why Cursor Keeps Writing SSRF Into Your URL Fetch Code

Why Cursor Keeps Writing SSRF Into Your URL Fetch Code

Comments
3 min read
Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Comments
4 min read
Why evidence matters more than model memory in AI pentesting

Why evidence matters more than model memory in AI pentesting

Comments
1 min read
Autonomous pentesting against Active Directory, without the black box

Autonomous pentesting against Active Directory, without the black box

Comments
1 min read
Why Cursor Keeps Hashing Passwords With MD5 (And How to Fix It)

Why Cursor Keeps Hashing Passwords With MD5 (And How to Fix It)

Comments
2 min read
SOC 2 CC7.1: What Auditors Actually Ask For in Vulnerability Management

SOC 2 CC7.1: What Auditors Actually Ask For in Vulnerability Management

Comments
5 min read
Supply Chain Attacks verstehen: Praxisnahe Schutzstrategien für moderne IT-Infrastrukturen

Supply Chain Attacks verstehen: Praxisnahe Schutzstrategien für moderne IT-Infrastrukturen

Comments
6 min read
We called AVE "the CVE for AI agents." A Reddit commenter told us that was wrong. They were right

We called AVE "the CVE for AI agents." A Reddit commenter told us that was wrong. They were right

1
Comments
4 min read
Why CVSS Alone Doesn't Tell You What to Patch First (And How KEV + EPSS Changes Everything)

Why CVSS Alone Doesn't Tell You What to Patch First (And How KEV + EPSS Changes Everything)

Comments
5 min read
👋 Sign in for the ability to sort posts by relevant, latest, or top.