Software Integrity Blog

Archive for the 'Open Source Security' Category

 

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.

Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA)

 

[Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.

Posted in Open Source Security, Software Composition Analysis (SCA), Webinars

 

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.

Posted in Container Security, Open Source Security

 

Taking the next step in your application security program

Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)

 

Coverity & Black Duck together. Better. Faster. Stronger.

Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA), Static Analysis (SAST)

 

[Webinars] DevSecOps best practices, AppSec tools, and the year in open source

Learn more about DevSecOps best practices, application security tools and features, and key legal developments related to open source in 2019.

Posted in Agile, CI/CD & DevOps, Application Security, Open Source Security, Webinars

 

Open source for lawyers: Ongoing implications of open source use

Ongoing legal considerations associated with open source use include license enforcement, dual licensing, and deciding whether to license out your own code.

Posted in Mergers & Acquisitions, Open Source Security

 

Open source for lawyers: Challenges of open source use

Open source is widespread because it’s easy to use. But it comes with unique security challenges, and poor open source management can be a costly liability.

Posted in Mergers & Acquisitions, Open Source Security

 

[Webinars] Container security, tool misuse and abuse, open source in M&A

Learn how containerization changes the security paradigm, how to prevent security tool misuse, and what M&A participants should know about open source.

Posted in Container Security, Mergers & Acquisitions, Open Source Security, Software Security Program, Webinars

 

What is a software bill of materials?

With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use.

Posted in Open Source Security, Software Composition Analysis (SCA)