Author: drweb

Following a $50 million funding round, GitGuardian CEO Eric Fourrier discusses why secrets security is becoming a much bigger problem in the age of AI-generated code and autonomous agents. As more organizations rush to deploy coding assistants and AI agents, Fourrier argues that the number of exposed credentials, API keys and tokens is rising just as quickly, creating new risks for DevSecOps teams already struggling to manage software supply chain security. Fourrier explains that AI agents need access to data and systems to be useful, but many organizations are still handling that access the old way by handing over secrets.…


A while ago I blogged about a use case where a pipeline fails during debugging with a BadRequest error, even though it validates successfully. If you’re wondering, this is the helpful error message that you get: In that blog post, the issue was that there were some lingering user properties that were configured incorrectly and removing them (or fixing them) resolved the issue. Yesterday, I had the same error again in another pipeline, but I couldn’t find anything wrong with the pipeline and its activities (and yet again, validation didn’t return any errors). So I started removing activities one by one…


This is kind of a funny page to look at. The next page has more detail. This is the text from the facing page: What we do is very difficult, the current situation is hard to understand, and the future is uncertain. Mistakes are an inevitable consequence of attempting to get the right stuff done. Unless we can make mistakes visible both individually and collectively, we will be doomed to mediocrity. One of the things that I’ve enjoyed about being at Redgate is that we try stuff and we sometimes fail. We talk about those issues in engineering and we do a decent…


A group of more than two dozen malicious npm packages used to steal secrets and credentials from software developers has all the hallmarks – from infrastructure to operations – of Famous Chollima, the North Korean nation-state actor linked to the ongoing high-profile Contagious Interview scam. Threat researchers with Socket and Kieran Miyamoto of the DPRK Research blog detected the campaign – dubbed “StegaBin” due to its use of Pastebin steganography, a communication technique used by attackers to hide malicious information – late last month, noting that the malicious packages were added to the npm repositories over two days in the last…


A global survey of 820 IT decision makers and DevOps practitioners finds that half of respondents (53%) report that developers in the age of artificial intelligence (AI) are now authoring more tests directly. According to the survey, which was conducted by Perforce, that shift also appears to be enabling a similar percentage of organizations (55%) to provide quality assurance (QA) teams with more time to focus on analytics. Perforce CTO Anjali Arora said it appears that organizations are investing more time and effort in testing to prevent suboptimal code, otherwise known as AI slop, from being incorporated into software builds. That effort, in fact, also appears…


In this article, you will discover 3 excellent break reminder apps for Linux that help prevent RSI, eye strain, and fatigue during long work hours. If you spend long hours working on your Linux system, such as coding, writing, designing, or managing servers, you know how easy it is to lose track of time. Before you realize it, you’ve been staring at the screen for hours without moving, leading to eye strain, back pain, and decreased productivity. The solution? Break reminder applications that automatically prompt you to take regular breaks, stretch, and rest your eyes. These tools can significantly improve…


The arrival of generative AI in the software development lifecycle (SDLC) is arguably the biggest shift in coding in decades. For development teams, tools like GitHub, Copilot, and other AI assistants act as a massive force multiplier, automating boilerplate, suggesting complex logic, and significantly accelerating time-to-commit. But as organizations rush to equip their teams, a quiet crisis is forming in the codebase. While AI helps developers write code faster, it also helps them write insecure code faster. The problem isn’t that the AI is malicious. It is that today’s models do not understand security context or intent. Generative AI models…


In this article, you will learn how to copy, sync, backup, and transfer files locally and remotely using 16 useful rsync commands with practical examples. Rsync (Remote Sync) is the most commonly used command for copying and synchronizing files and directories remotely as well as locally in Linux/Unix systems. Whether you’re managing Ubuntu, RHEL, or any other Linux distribution, rsync remains an essential tool for system administrators and DevOps engineers. With the help of the rsync command, you can copy and synchronize your data remotely and locally across directories, disks, and networks, perform efficient data backups, and mirror between two…


Sonar this week launched an Agent Centric Development Cycle (AC/DC) framework that promises to modernize continuous integration (CI) in the age of artificial intelligence (AI) coding. Announced at an online Sonar Summit, the AC/DC framework incorporates multiple tools and platforms the company has developed to better secure software supply chains, including a Sonar Context Augmentation tool, now in beta, that provides guidance in real time to AI coding tools, and a SonarQube Agentic Analysis service for analyzing code that can be accessed via a command line interface (CLI) or a Model Context Protocol (MCP) server provided by Sonar. Additionally, Sonar is now making…
