Software Integrity

Archive for the 'DevSecOps' Category

 

Webinar: Using Security Champions to build a DevSecOps culture within your organization

Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues […]

Continue Reading...

Posted in Application Security, DevSecOps, Security Training

 

The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a term coined by market analysts, […]

Continue Reading...

Posted in Application Security, Black Duck by Synopsys, DevSecOps, Interactive Application Security Testing (IAST), Software Composition Analysis

 

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]

Continue Reading...

Posted in Application Security, DevSecOps, Software Security Testing, Static Analysis (SAST)

 

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]

Continue Reading...

Posted in Application Security, DevSecOps, Software Security Testing, Static Analysis (SAST)

 

Common security challenges in CI/CD workflows

In a recent webinar that I co-presented with Jay Lyman, principal cloud management and container analyst at 451 Research, we had the opportunity to discuss the realities and opportunities that exist in DevSecOps. Real security challenges In the Q&A portion of the webinar, attendees posed questions about how to solve the problem of building security […]

Continue Reading...

Posted in Application Security, CI/CD, DevSecOps