Topic

#Devsecops

11 articles on Devsecops — news, releases, guides and analysis from the SourceFeed engine.

Article 2d ago 0

How to Stop AI Agents From Committing Your Secrets

AI coding assistants are silently exposing credentials in git history. Here is how to lock down your local workflow.

Ji-ho Choi

Stop GitHub Copilot From Sabotaging Your Terraform Security

AI autocompletions silently introduce insecure IaC patterns that pass local validation but fail in production.

Article · 2d ago2

When Seven AI Security Gates All Say LGTM

A viral incident report is pure fiction, but every way its AI defenses fail is already happening in production.

Article · 3d ago2

The Cordyceps Exploits: Why Your CI/CD Pipelines Are Wide Open

A systemic workflow composition flaw exposes hundreds of major repositories, proving we must stop treating CI/CD as passive configuration.

Article · 5d ago0

Vulnerability Reports Lost Their Privilege. Now What?

Cheap LLM bug-hunting has collapsed the signal-to-noise of disclosures, and the old etiquette of coordinated reporting no longer pays for itself.

Article · 5d ago3

Catch Risky Code Before It Merges: Add Semgrep SAST to Your GitHub Actions Pipeline

Wire Semgrep into GitHub Actions to scan every pull request against OWASP Top 10 rules and a custom rule you write yourself — so a CI failure blocks the merge before risky code reaches main.

Tutorial · 1w ago0

Agentjacking: How Public Sentry Keys Turn AI Coding Agents Into Trojan Horses

A newly disclosed exploit chain weaponizes public DSNs and the Model Context Protocol to execute arbitrary code on developer machines.

Article · 1w ago4

Securing AI Agents: Inside NVIDIA's SkillSpector Scanner

NVIDIA's open-source tool introduces capability governance to protect agentic workflows from prompt injection, tool poisoning, and malicious skills.

Article · 1w ago3

The AUR Namespace Trap: Lessons from the Atomic Arch Attacks

The recent compromise of over 1,500 AUR packages exposes the structural danger of flat namespaces in developer-focused package repositories.

Article · 1w ago5

The GitHub Clone Farm That Beat VirusTotal

A 10,000-repo Trojan campaign weaponizes GitHub's trust signals, search ranking and commit history — and the next mark is your AI agent.

Article · 1w ago2

Trivy: One Scanner to Rule Your Containers, Repos, and Kubernetes Configs

Instead of stitching together five different security tools, Trivy handles CVEs, misconfigs, secrets, and SBOM generation across every target in your pipeline — from a single CLI.

Article · 3w ago0