Software Integrity Blog

Author Archive

Yev Bronshteyn

Yev Bronshteyn is a senior software engineer at Black Duck by Synopsys and a member of the SPDX Working Group’s technical team. His past engineering positions include eBay and Progress Software.


Posts by Yev Bronshteyn:

Power(Shell) to the people

Type less, write cleaner scripts, run consistently across platforms, and other reasons why Linux and OS X users can fall in love with PowerShell.

Posted in Developer Enablement

4 key differences moving from Java to .NET Core, part 1

Getting started with .NET Core? If you’re exploring C#, you’ll find it borrows much from Java. Here are a few prominent differences you should be aware of as you move from Java to .NET Core.

Posted in Developer Enablement, Open Source Security

.NET component vulnerability analysis in production

At Black Duck, we’ve been excited to participate in the flurry of growth in the .NET ecosystem. Our Visual Studio Extension helps developers detect open source risks early, when it is easiest and most cost-effective to eliminate them. However, in some cases, a Visual Studio project or any build file or other composition metadata may not be available. Perhaps an application’s source code (and the component data that comes with it) has been lost. Perhaps the application was provided by a vendor who has never made the source code available in the first place. Or perhaps, in addition to scanning application dependencies, we want to include the actual production runtime in our scan. Is such component analysis possible? 

Posted in Agile, CI/CD & DevOps, Software Architecture and Design

Tackling visibility in microservices

Are modern enterprise software architectures doomed to produce suboptimal processes and outcomes? Today, enterprise architects value componentization perhaps more than ever before, given the mass glorification of microservices. Microservices are loosely defined as isolated, independent components designed to address a singular business need. Sounds great, until you consider that with this architecture, the creator(s) and the consumer(s) of any service are likely to become rigorously isolated from each other, the API boundary falling like an iron curtain between them.

Posted in Container Security, Software Architecture and Design