Software Integrity Blog

Archive for the 'Agile, CI/CD & DevOps' Category

 

Tanya Janca at RSA on better AppSec: Play nice with DevOps

The DevOps / security relationship is often tense—but does it have to be? At RSA 2019, Tanya Janca explained how teams can play nice, and why they ought to.

Posted in Agile, CI/CD & DevOps

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Posted in Agile, CI/CD & DevOps, Open Source Security, Software Composition Analysis

How to “shift left” with application security tools, and how not to

Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.

Posted in Agile, CI/CD & DevOps

Hacking Security Episode 4: DevSecOps with Meera Rao

Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.

Posted in Agile, CI/CD & DevOps, Developer Enablement

Automation: One of the keys to DevSecOps

The benefits of automation in DevSecOps are clear: streamlined, collaborative development, security, and operation. But how do you go about doing it?

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)

[Webinar] Cloud DevSecOps with Synopsys and AWS

In our on-demand webinar with Binoy Das (AWS) and Dave Meurer (Synopsys), you’ll learn how to manage security in your cloud DevSecOps processes with automation.

Posted in Agile, CI/CD & DevOps, Cloud Security, Webinars

[Webinar] Static analysis helps DevOps teams maintain velocity securely

In our on-demand webinar with Meera Rao (Synopsys), you’ll learn how to integrate SAST into DevOps using automation to find issues early in the SDLC and support DevOps velocity.

Posted in Agile, CI/CD & DevOps, General, Static Analysis (SAST), Webinars

[Webinar] Using Security Champions to build a DevSecOps culture within your organization

Learn about the fundamentals and challenges of building a Security Champions program to transform DevOps into DevSecOps in our on-demand webinar.

Posted in Agile, CI/CD & DevOps, Security Training, Webinars

The intersection between IAST and SCA and why you need both in your security toolkit

Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.

Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)