With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.
Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA) | Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight
With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.
Posted in Static Analysis (SAST), Web Application Security | Do you have the right tools in your application security toolkit?
Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”
Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA) | Forrester recognizes Synopsys as a leader in software composition analysis
What caused the Equifax breach? On the surface, it was the exploit of a known vulnerability. But was the root cause lack of visibility into open source use?
Posted in Data Breach Security, Open Source Security | Did lack of visibility into Apache Struts lead to the Equifax breach?
Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities.
What is CoPilot and what does it do?
Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 open source repository in the world today) as the repository for their projects. It connects to your GitHub repositories and provides you with security risk information for your open source project’s dependencies (i.e. the open source components used to build your project).
Posted in Agile, CI/CD & DevOps, Cloud Security | Introducing Black Duck CoPilot
Software composition analysis tools help teams identify vulnerabilities and licenses for open source components. So is SCA compatible with agile DevOps?
Posted in Agile, CI/CD & DevOps, Software Composition Analysis (SCA) | Is software composition analysis compatible with Agile DevOps?