You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?
“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.
2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.
Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight
With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.
Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.
The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.
Learn about management practices inspired by open source principles and how a structured approach to secure software development is the best way forward.
Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.
Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.
Learn more about DevSecOps best practices, application security tools and features, and key legal developments related to open source in 2019.