Software Integrity Blog

Archive for the 'Open Source Security' Category

Code quality and maintenance: Emerging risks of open source use

You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?

Posted in Open Source Security, Software Composition Analysis (SCA)

There’s no such thing as TMI when it comes to open source software

“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.

Posted in Open Source Security

Top 10 FOSS legal developments in 2019

2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.

Posted in Mergers & Acquisitions, Open Source Security

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.

Posted in Featured, News & Announcements, Open Source Security, Software Composition Analysis (SCA)

[Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.

Posted in Open Source Security, Software Composition Analysis (SCA), Webinars

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.

Posted in Container Security, Open Source Security

[Webinars] “Open source” management and secure development

Learn about management practices inspired by open source principles and how a structured approach to secure software development is the best way forward.

Posted in Application Security, Open Source Security, Webinars

Taking the next step in your application security program

Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)

Coverity & Black Duck together. Better. Faster. Stronger.

Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA), Static Analysis (SAST)

[Webinars] DevSecOps best practices, AppSec tools, and the year in open source

Learn more about DevSecOps best practices, application security tools and features, and key legal developments related to open source in 2019.

Posted in Agile, CI/CD & DevOps, Application Security, Open Source Security, Webinars