You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on Code quality and maintenance: Emerging risks of open source use
“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.
Posted in Open Source Security | Comments Off on There’s no such thing as TMI when it comes to open source software
2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.
Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Top 10 FOSS legal developments in 2019
With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.
Posted in Featured, News & Announcements, Open Source Security, Software Composition Analysis (SCA) | Comments Off on Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight
Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.
Posted in Open Source Security, Software Composition Analysis (SCA), Webinars | Comments Off on [Webinars] Black Duck on VMware Cloud and open source scans
The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.
Posted in Container Security, Open Source Security | Comments Off on Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images
Learn about management practices inspired by open source principles and how a structured approach to secure software development is the best way forward.
Posted in Application Security, Open Source Security, Webinars | Comments Off on [Webinars] “Open source” management and secure development
Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.
Posted in Application Security, Open Source Security, Software Composition Analysis (SCA) | Comments Off on Taking the next step in your application security program
Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.
Posted in Application Security, Open Source Security, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on Coverity & Black Duck together. Better. Faster. Stronger.
Learn more about DevSecOps best practices, application security tools and features, and key legal developments related to open source in 2019.
Posted in Agile, CI/CD & DevOps, Application Security, Open Source Security, Webinars | Comments Off on [Webinars] DevSecOps best practices, AppSec tools, and the year in open source
