The Ultimate Guide to DevSecOps
A curated Irish edition of TechDay news, analysis, interviews, reviews, job moves, and related resources for DevSecOps.
What to know about DevSecOps
DevSecOps represents the integration of security practices within the DevOps process, aiming to build security into every phase of software development and delivery. This approach helps organisations accelerate development cycles while maintaining strong security and compliance standards.
Exploring recent stories tagged with DevSecOps reveals a dynamic field where AI-driven tools, cloud-native security, and collaboration between development, security, and operations teams are shaping the future of secure software delivery. Topics such as risk management, container and API security, supply chain protection, and the rising importance of observability and automation are frequently discussed.
For readers interested in how organisations are addressing evolving cybersecurity threats while enhancing agility and innovation, the DevSecOps tag offers insights into technology advancements, cultural shifts, and best practices that help teams deliver resilient, secure software faster. Whether you are a developer, security professional, or IT leader, following DevSecOps stories provides valuable perspectives on securing modern software development in an increasingly complex digital landscape.
Analyst Insights
Research and market analysis connected to DevSecOps
Atlassian adds Jira tools for AI-native software teams
SnapLogic launches SnapCode for Claude Code integration
Datadog named Gartner observability leader for sixth year
Grafana Labs named leader in Gartner observability report
Data Theorem launches AI security platform for apps
Featured News
Humanoid robots, 0-day defence among Info-Tech trends for '27
Agentic AI, zero-day surge, sovereign cloud, and humanoid robots will define IT strategy in 2027, Info-Tech Research Group warns.
Google Cloud CEO sets out enterprise AI agent plan
Enterprises will get one place to build, govern and run AI agents, as Google Cloud expands Gemini Enterprise across models, data and security.
Expert Columns
AI deserves our appreciation, but only if we're honest about what we're appreciating
A strategic blueprint for governing AI-enabled software development
Your annual penetration testing is already out of date
As agentic development accelerates, workflow auditability becomes a bottleneck
Secure by default: Moving beyond secure by design
Why the next endpoint and SASE disruption will not come from a security vendor
The security challenges in AI-assisted software development
Interviews
Interviews and video coverage from the networkRecent DevSecOps News
FIS joins Anthropic cyber security project with Mythos 5
For thousands of banks and payments firms, the trial could help spot software flaws before they disrupt critical financial systems.
Google Cloud issues guardrails for AI vulnerability agents
Security teams are being warned to keep humans and strict controls in place as AI agents can miss context and leak sensitive code.
Google Cloud unveils AI security blueprint for GKE
The framework targets CISOs and platform teams as they move AI systems into production, amid rising risks from prompts, models and outputs.
Google Cloud sets out AI security plan with Gemini & Wiz
Defenders could gain a faster edge against AI-driven attacks as Google Cloud ties Gemini, Wiz, CodeMender and Mandiant into one platform.
GitLab 19.2 adds AI tools for security & workflows
The update aims to cut review bottlenecks by auto-fixing vulnerable dependencies and surfacing code flaws scanners often miss.
CleanStart launches Clean Libraries to secure AI code
Developers face earlier checks on risky open-source dependencies as AI coding tools speed up software assembly and raise supply chain concerns.
Cloudflare uses eBPF to boost edge security & routing
The shift has helped the network operator block massive attacks in seconds while reducing reliance on custom kernel patches and specialist hardware.
Targeted open source malware attacks on developers soar
Malicious package advisories jumped from 21 in 2023 to 1,576 in 2025, as attackers increasingly target developers before code reaches production.
AI coding models make working code, not secure code
Working output from the latest AI coding tools was secure barely a third of the time, exposing a widening risk for software teams.
Mandiant warns on exposed Cloud Run serverless apps
Exposed serverless apps can let attackers steal tokens, read secrets and take over cloud projects if weak code is left unpatched.
Tenable adds app security data to exposure platform
Security teams can now rank code flaws against cloud and identity risks after Tenable folded application security data into its exposure platform.
Checkmarx launches autonomous agents to fix code flaws
As AI coding speeds up, Checkmarx says its new agents can cut manual vulnerability fixes by up to 70% before code is committed.
Most AI cloud vulnerabilities remain unpatched, Orca says
Most fixable flaws in live AI cloud systems are still exposed, with Orca finding 99.9% remain unpatched across major platforms.
BeyondTrust launches NHI governance for machine identities
Security teams can now tighten oversight of service accounts, API keys and AI agents as machine identities outnumber staff in many enterprises.
NCC Group maps security gaps across AI coding agents
Weak default safeguards and uneven sandboxing could leave developers exposed to command execution before workspace trust is granted.
IBM & Red Hat launch Lightwell for open source fixes
Enterprises can now patch older open source software without disruptive upgrades, as IBM and Red Hat target stubborn vulnerability backlogs.
XBOW wins AWS application security competency status
The AWS badge could help XBOW win more enterprise deals as buyers seek continuous testing that shows which vulnerabilities are exploitable.
AI speeds coding but not enterprise software delivery
Enterprises risk slower returns from AI as manual approvals and release bottlenecks keep software lead times stuck at 30 to 45 days.
DigiCert launches Quantum Central for post-quantum readiness
Security teams gain a free way to map hidden cryptography before quantum threats make current encryption less reliable.
Endava & Wiz partner on AI cloud security services
Enterprise AI roll-outs will get closer monitoring as Endava adds Wiz tools to spot cloud risks earlier across multi-cloud systems.