Software Integrity Blog

Archive for the 'Agile, CI/CD & DevOps' Category

 

Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance. Meera Rao, director of the secure development practice at Synopsys, explains how to deal with each one effectively. In a recent webinar that I co-presented with Jay Lyman, principal […]

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

Enable DevSecOps with Coverity: deliver secure code, faster

The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development itself, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]

Posted in Agile, CI/CD & DevOps

 

5 essentials for getting your bearings in a DevSecOps world

Embracing a DevSecOps practice requires key cultural and practical changes to integrate security into the SDLC. Learn about the 5 essentials for DevSecOps.

Posted in Agile, CI/CD & DevOps

 

North Korea hacking, JScript RCE, World Cup a cyberthreat target?

One of the ways hackers could ruin the World Cup 2018 for travelers is by hijacking the self-printed ticket kiosks or connected QR code readers for e-tickets, warns Steve Giguere, lead engineer at cyber security firm Synopsys. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week, including […]

Posted in Agile, CI/CD & DevOps, Open Source Security

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Posted in Agile, CI/CD & DevOps, Container Security, Medical Device Security, Static Analysis (SAST)

 

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Integrating SAST tools into the DevSecOps pipeline is critical to building a sustainable program, but it’s also important to automate them to drive efficiency, consistency, and early detection.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

What’s with the security / DevOps disconnect?

We asked 350 enterprise IT professionals about real-world practices in application security, DevOps, and CI/CD. See highlights in our DevSecOps infographic.

Posted in Agile, CI/CD & DevOps, Infographic

 

8 takeaways from NIST’s Application Container Security Guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, container security risks associated with containerized delivery have become a hot topic in DevOps. This puts the spotlight on operations teams to […]

Posted in Agile, CI/CD & DevOps, Container Security

 

A new study finds that security in DevOps processes is lagging

According to a new study conducted by 451 Research and Synopsys, security in DevOps processes is lagging despite advantages and opportunities. While many organizations are still in the early days of replacing organizational silos with DevOps teams implementing continuous integration and continuous delivery (CI/CD) workflows, the benefits of streamlined, collaborative development approaches are clear: They […]

Posted in Agile, CI/CD & DevOps

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Posted in Agile, CI/CD & DevOps, Data Breach, Events, Open Source Security