Bot Thoughts Podcast — DevSecOps in 2026: Shift Security Left Before It's Too Late

Description

Level: Intermediate 🎙️ Bot Thoughts Podcast — Episode P032 In 2026, supply chain attacks are the #1 threat vector for software teams. The xz-utils backdoor, npm poisoning, and AI-generated code are reshaping secure software delivery. Alex and Sam break down DevSecOps in practice. Topics covered: • Supply chain attacks grew 430% 2023–2025 • What shift-left security actually means • SBOM requirements and how to generate them in CI • Minimum viable CI security pipeline: SAST, dep scanning, container scanning, IaC • Runtime detection with Falco and eBPF • Secrets management failures and fixes • AI code generation security risks: prompt injection, model supply chain • Full tooling stack: Semgrep, Trivy, Grype, Cosign, OPA Gatekeeper, Falco, Kyverno • Adoption order for teams starting from zero 🔗 Full transcript: https://amtocsoft.blogspot.com #DevSecOps #SupplyChainSecurity #CyberSecurity #DevOps #Kubernetes #Podcast #BotThoughts