GigaTap articles tagged devsecops.
- Security beyond benchmarks: Microsoft MDASH moves to production - Microsoft’s MDASH moves from benchmark success into live engineering pipelines, embedding AI-driven vulnerability discovery directly into DevSecOps workflo
- GitLab Adds a CI Component Map for Version Drift - GitLab 19.0 gives platform teams visibility into where shared CI components are used, which versions are running, and where stale pipeline standards still
- Gitleaks: secret scanning where code actually leaks - Gitleaks is an open-source Go tool for finding secrets in Git and CI/CD workflows. It can help, but it is a control point, not a full secret-management str
- TruffleHog scans for leaked credentials. Fit matters - TruffleHog is an open source secret-scanning tool. The useful question is not popularity alone, but where it fits, what it verifies, and how teams respond.
- Trivy adoption checklist: what to verify before rollout - Trivy has broad scanning scope and active public repository signals. Before adopting it, teams should check deployment model, maintenance cadence, output h
- Trivy scans the places modern security debt hides - A concise look at Aqua Security’s Trivy: what the open source scanner claims to cover, where it fits, and what teams should verify before relying on it.