Source Code Management (SCM) stories - Page 2

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

GitLab opens agentic AI to free-tier users, sets USD $0.25 flat fee for automated code reviews and expands security false-positive filtering.

SpecterOps broadens BloodHound Enterprise to map identity attack paths across Okta, GitHub and Jamf-managed Macs in hybrid environments.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Cobalt launches Security Program Manager service to run enterprise pentesting, align tests with business goals and speed up remediation.

North Korean IT workers using Western collaborators and fake identities are infiltrating remote jobs to funnel foreign salaries home.

ThoughtSpot rolls out Spotter for Industries, AI analytics agents tuned to sector rules to close the “context gap” in enterprise decisions.

Secure Code Warrior launches SCW Trust Agent: AI, giving security teams commit-level visibility and control over AI-influenced code.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.

GitHub joins tech giants in a USD $12.5 million Alpha-Omega push, boosting AI-powered defences for critical open source software.

Linux Foundation wins USD $12.5m from tech giants to bolster AI-era open source security and ease pressure on overstretched maintainers.

VAST Data unveils Foundation Stacks, turning NVIDIA AI Blueprints into production-ready pipelines on its AI Operating System.

VAST Data unveils Foundation Stacks, open-source pipelines turning NVIDIA AI Blueprints into production-ready workflows on its AI OS.

PagerDuty links Anthropic, Cursor and LangChain to expand its AI ops ecosystem, boosting incident response across modern software stacks.

ControlPlane launches enterprise support for OpenBao as IBM's USD $6.4 billion HashiCorp deal drives demand for open source Vault alternatives.

GenAI use in healthcare is fuelling patient data policy breaches, with regulated records making up 89% of AI-linked violations, research shows.

Dify secures USD $30m to expand its open-source platform for production-ready AI agent workflows across global enterprise teams.

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

AMD shifts its AI pitch from raw silicon to open software and cloud access as it targets developers and a share of looming trillions.