Software Integrity

Archive for the 'DevOps' Category

 

Enable DevSecOps with Coverity: deliver secure code, faster

The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development itself, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]

Posted in CI/CD, DevOps, Static Analysis (SAST)

 

5 essentials for getting your bearings in a DevSecOps world

As we rapidly move toward DevSecOps, it’s worthwhile to take a breath and orient ourselves. Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust […]

Posted in Application Security, DevOps, Software Security Testing

 

North Korea hacking, JScript RCE, World Cup a cyberthreat target?

Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week, including news on North Korea hacking, the remote code execution vulnerability exposed in JScript, and how the World Cup 2018 might be a ripe target for cybercrime. Read on! The Cybersecurity 202: North Korea is […]

Posted in Application Security, DevOps, Open Source Licenses, Open Source Security

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST)

 

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of the many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevSecOps process. Integrating SAST tools into DevSecOps processes is critical to building a sustainable program. The automation […]

Posted in DevOps, Static Analysis (SAST)

 

Infographic: What’s with the security / DevOps disconnect?

Posted in Application Security, CI/CD, DevOps

 

8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery have become a hot topic in DevOps. This puts the spotlight on operations teams […]

Posted in Application Security, Containers, DevOps

 

A new study finds that security in DevOps processes is lagging

According to a new study conducted by 451 Research and Synopsys, security in DevOps processes is lagging despite advantages and opportunities. While many organizations are still in the early days of replacing organizational silos with DevOps teams implementing continuous integration and continuous delivery (CI/CD) workflows, the benefits of streamlined, collaborative development approaches are clear: They […]

Posted in DevOps

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Posted in Application Security, Data Breach, DevOps, Open Source Security, Security Conference or Event

 

Webinar: DevSecOps best practices with Synopsys and GitHub

As firms consistently strive to become more agile, cloud and containers can help them build software faster and deliver continuously. At the same time, many firms fear that adding security to DevOps practices can severely slow down processes. With GitHub and Black Duck by Synopsys, firms can automate secure development workflows, shift security left, and […]

Posted in Application Security, Black Duck by Synopsys, DevOps, Open Source Security