Detecting Bugs and Vulnerabilities in Java With SonarQube
The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...
Search fresh public links, source activity, and ready-to-use post angles for Java Devsecops.
Fresh curated links around Java DevSecOps are collected here so marketers can spot useful updates and turn timely ideas into posts faster.
Recent items include:
Recent curated links from global sources. Generate one free draft from any story, then use SocialBu to schedule and refine your content calendar.
The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...
With the increasing number of security threats, organizations have invested heavily in cybersecurity initiatives to protect their applications, infrastructure, and sensitive data....
The more distributed a system, the harder it is to secure. Code crosses JVM boundaries. Objects are serialized across trust boundaries. Third-party proxies run inside your process....
A few years ago, securing a backend system was relatively straightforward. Applications lived inside a corporate network, databases sat behind a firewall, and VPN access was often...
SAN JOSE — A survey from BellSoft found that Spring developers don’t know their Dockerfiles affect their security posture, aren’t using hardened images and can’t name their complia...
In 2021, a security researcher breached Apple, Microsoft, PayPal, and 32 other organisations without writing a single exploit. He just uploaded a package. This article explains exa...
For most of Java’s history, a sophisticated exploit required a sophisticated attacker. But, in this era of AI, Anthropic’s Claude Mythos demonstrates that AI can autonomously unco...
With the recent surge in security vulnerabilities across the Spring ecosystem in the first half of 2026, relying on scattered security validation inside individual REST controllers...
DevSecOps maturity is not measured by the number of security tools installed. It is measured by how consistently security is built into code, pipelines, infrastructure, containers,...
Azul launched a free JVM vulnerability risk assessment to address the blind spot that autonomous AI exploitation tools are increasingly
Shift left to the developer's machine. The principle is what matters: Stop secrets before they ship. The tooling is a means to that end.
CI/CD security tools help engineering teams catch vulnerable dependencies, leaked secrets, insecure code patterns, risky containers, and cloud misconfigurations before they reach p...
In the modern enterprise software development life cycle, when delivery speed is the most closely watched metric, security is often treated as an afterthought, to be run at the end...
Most Node.js teams rely on CI pipelines to tell them whether their dependencies are secure. By the time that feedback arrives, however, the most important decisions have already be...
Broadcom today released a raft of updates to the open source Spring framework for building Java applications to primarily address a wave of vulnerabilities discovered by researcher...
What JEP 290 actually did, what it genuinely left open, and how to write filters that hold up in the real world — not just on paper. Java deserialization has been described as “the...
Introduction Security issues in cloud infrastructure often start as small configuration mistakes. A public network rule, a missing encryption setting, or an overly permissive pol...
Part of the SD Times 100 2026 series. See the full SD Times 100 2026 list for every category and honoree. Application security has spent years maturing around a relatively stable a...
Checking for dependency vulnerabilities in freshly developed software is usually done near the end of the build process. Remediation at that point can be tricky. Now, JavaScript a...
В марте состоялся второй эпизод DevSecOps-митапа CyberCamp, в программу которого вошли киберучения на платформе Jet CyberCamp. Три задания, максимально приближенных к реальным зада...
Modern enterprise environments, such as cloud-native systems and CI/CD pipelines, are built for speed, and while this is positive, there is a downside to that. Because software is...
The Aberration We build Java applications like Go or Rust programs. Fat JARs. Docker images. Kubernetes deployments. Everyone does it, so it looks normal. It contradicts Java’s des...
Learn how to use quantum-resistant ML-KEM and ML-DSA in Java to securely establish a shared secret key. The post Quantum-Resistant ML-KEM and ML-DSA in Java first appeared on Bael...
Compare 8 top SAST tools for polyglot monorepos, covering incremental scans, ownership, custom rules and platform engineering at scale 2026.
Use SocialBu to discover ideas, generate post drafts, and schedule them across your social channels.