Software Integrity

Archive for the 'DevOps' Category

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]


Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST)

 

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of the many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevSecOps process. Integrating SAST tools into DevSecOps processes is critical to building a sustainable program. The automation […]


Posted in DevOps, Featured, Static Analysis (SAST)

 

Infographic: What’s with the security / DevOps disconnect?


Posted in Application Security, CI/CD, DevOps

 

8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery have become a hot topic in DevOps. This puts the spotlight on operations teams […]


Posted in Application Security, Containers, DevOps

 

A new study finds that security in DevOps processes is lagging

According to a new study conducted by 451 Research and Synopsys, security in DevOps processes is lagging despite advantages and opportunities. While many organizations are still in the early days of replacing organizational silos with DevOps teams implementing continuous integration and continuous delivery (CI/CD) workflows, the benefits of streamlined, collaborative development approaches are clear: They […]


Posted in DevOps

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]


Posted in Application Security, Data Breach, DevOps, Open Source Security, Security Conference or Event

 

Webinar: DevSecOps best practices with Synopsys and GitHub

As firms consistently strive to become more agile, cloud and containers can help them build software faster and deliver continuously. At the same time, many firms fear that adding security to DevOps practices can severely slow down processes. With GitHub and Black Duck by Synopsys, firms can automate secure development workflows, shift security left, and […]


Posted in Application Security, Black Duck by Synopsys, DevOps, Open Source Security

 

Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing

I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions.

Building a track record of leadership

I’d like to take a moment also to call out […]


Posted in Agile Methodology, Black Duck by Synopsys, CI/CD, DevOps, Interactive Application Security Testing (IAST)

 

What’s the difference between Agile, CI/CD, and DevOps?

We’ve been seeing a lot of instances recently in which the terms Agile, CI/CD, and DevOps are used interchangeably.

3 different tools for building your practice

You couldn’t build a house with a single tool. Nor can you enable your development practice with one. Agility, CI/CD, and DevOps are three distinct tools, each important in […]


Posted in Agile Methodology, CI/CD, DevOps

 

Webinar: Ensure your software is secure without clogging up the CI/CD pipeline

While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do […]


Posted in CI/CD, DevOps, Software Composition Analysis, Static Analysis (SAST)