Software Integrity Blog

Archive for the 'Agile, CI/CD & DevOps' Category

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Making the skies safe and secure with DO-178C compliance

A little background on DO-178: We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the way airborne software is certified, following the objectives defined in DO-178.

Posted in Agile, CI/CD & DevOps, General, Static Analysis (SAST)

Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance. Meera Rao, director of the secure development practice at Synopsys, explains how to deal with each one effectively.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars

Enable DevSecOps with Coverity: Deliver secure code faster

Traditional software security can be too slow for DevOps. The answer: DevSecOps. To create secure software quickly, you need automated static analysis.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

5 essentials for getting your bearings in a DevSecOps world

Embracing a DevSecOps practice requires key cultural and practical changes to integrate security into the SDLC. Learn about the 5 essentials for DevSecOps.

Posted in Agile, CI/CD & DevOps

North Korea hacking, JScript RCE, World Cup a cyberthreat target?

One of the ways hackers could ruin the World Cup 2018 for travelers is by hijacking the self-printed ticket kiosks or connected QR code readers for e-tickets, warns Steve Giguere, lead engineer at cyber security firm Synopsys.

Posted in Agile, CI/CD & DevOps, Open Source Security

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up.

Posted in Agile, CI/CD & DevOps, Container Security, Medical Device Security, Static Analysis (SAST)

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Integrating SAST tools into the DevSecOps pipeline is critical to building a sustainable program, but it’s also important to automate them to drive efficiency, consistency, and early detection.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

What’s with the security / DevOps disconnect?

We asked 350 enterprise IT professionals about real-world practices in application security, DevOps, and CI/CD. See highlights in our DevSecOps infographic.

Posted in Agile, CI/CD & DevOps, General