Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
For over a decade, developers were told something simple: Google Cloud API keys aren’t secrets. They were often embedded in frontend code to power services like Maps, analytics, or Firebase, visible but largely harmless. That assumption just broke. Recent research by Truffle Security uncovered…
Spacelift: Policy-Driven IaC Automation for Terraform at Scale
Terraform is easy to get along with when you start small. A team can define its infrastructure in code, review changes in Git, and apply updates through a pretty straightforward workflow. The whole thing is clean, transparent, and easy to repeat. But as you start to scale Terraform out across an…
European tech company Cube drives secure software with AI in GitLab Duo
Cube, based in the Netherlands, is a software development company focused on designing and creating solutions, such as mobile apps, websites, and e-commerce software. The company helps customers — in industries ranging from energy to real estate, wellness, food delivery and other markets — to…
3 Open Source Projects that Could Be the Next Ingress-NGINX
The CNCF announced the retirement of Ingress-NGINX earlier this year. It’s an open source project that’s used by roughly half of all Kubernetes deployments, but it had one big flaw – it was being maintained by just two unpaid volunteers in their spare time. While it sent shockwaves through the…
JFrog’s Role in Securing the Software Supply Chain Across CI/CD Pipelines
One vulnerable library can enter your build in silence through testing and become part of your release before it makes its way into production. Once you discover it, the vulnerable library is already running in customer environments. Modern software development is such that software delivery has to…
Snyk’s Approach to Developer-First Cloud-Native Application Security
Security used to sit at the end of the development cycle. After the code was written, features merged, and infrastructure provisioned, security teams would then step in and review what was built. In a monolithic application world where we shipped software quarterly, this worked fine. In a…
Dosu.dev on Using AI to Scale Engineering Knowledge and Reduce Developer Interruptions
Engineering teams rarely “run out of talent.” They run out of uninterrupted time. When it comes to execution, the delay isn’t due to a bug or the most complex architecture decision; it’s the steady drip of repeated questions, Slack pings, and context requests. Over weeks and months, those…
How is Platform Engineering Changing?
Platform engineering has emerged as a critical discipline in modern software development, changing how organizations build, deploy, and maintain their digital infrastructure. As companies face increasingly complex technical environments, the role and practice of platform engineering continues to…
Platform Engineering Strategies for Kubernetes at Enterprise Scale
Along with the success of Kubernetes has come a ton of operational complexity. Networking primitives, YAML sprawl, security policies, operational edge cases, etc. Basically, all the things you would rather not spend time on as a developer. This is often overwhelming for teams whose primary function…
Arnica’s Role in Reducing Cloud-Native Attack Surfaces Across the SDLC
What happens to application security when software is deployed faster than it can be reviewed? In cloud-native and serverless environments, deployments are faster, infrastructure is more flexible, and AI tools now generate production-ready code in seconds. Each of these shifts expands the attack…
How Teleport’s Identity-Aware Access Model Reinvents Zero-Trust for Multicloud Kubernetes
While Zero Trust is undoubtedly the mantra for every security architect these days, the reality of achieving it in a multicloud environment is “ephemeral, to say the least. Different clouds have their own IAM frameworks, their own way of handling policy and authorizations, and generally like to…
Why Prisma Cloud’s CNAPP Advances Matter for Container and Kubernetes Security
For a long time, Kubernetes security followed a familiar pattern. Teams scanned images before deployment, added a runtime tool later, and tried to make sense of posture and identity using whatever dashboards were available. Each step was reasonable on its own. Together, they still left teams…
