Software Integrity Blog

Archive for the 'Software Composition Analysis' Category

 

Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]

Continue Reading...

Posted in Legal, Open Source Security, Software Composition Analysis

 

Fine-tuning roles, controlling licenses, and matching code snippets in Black Duck 4.5

Any tradesperson, specialist, expert, aficionado, or technologist will tell you that the key to a quality outcome is a set of tools specific to the project and oriented to the goal. The realm of software security and secure DevOps is no exception to this truth, and in Black Duck’s version 4.5 release, we further hone […]

Continue Reading...

Posted in Open Source Security, Software Composition Analysis

 

Customer driven features live in Black Duck 4.4 release

How can you not love customer feedback when it helps you improve your product? At our recent FLIGHT conference, I had the opportunity to speak to a lot of customers and to have detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck with new features that […]

Continue Reading...

Posted in Open Source Security, Software Composition Analysis

 

Migrating to Docker on Black Duck

Before Black Duck moved to Docker, customers deployed it using the App Manager Install Method. Black Duck now ships as a set of containers, so customers need to install Docker to receive updates to the application. By the end of this guide, you'll have a basic understanding of how to migrate Black Duck to a containerized […]

Continue Reading...

Posted in Container Security, Open Source Security, Software Composition Analysis

 

Open source vulnerabilities: Are you prepared to run the race?

Originally posted on SecurityWeek.  After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]

Continue Reading...

Posted in Data Breach, Open Source Security, Software Composition Analysis

 

Improving stability, installs, and updates with Docker

We heard our customers loud and clear. The old AppManager product on which we ran the Hub wasn't working for you. That's why we re-platformed our Black Duck Hub solution on Docker. There are a lot of positive things to say about our Dockerized app, including scalability, high availability and a lot […]

Continue Reading...

Posted in Container Security, Open Source Security, Software Composition Analysis

 

Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw […]

Continue Reading...

Posted in Internet of Things, Software Composition Analysis

 

How to use FOSS management systems to manage FOSS components

Identifying and managing the different types of free and open source software (FOSS) usage can be a daunting and error-prone task if done manually. But FOSS management systems make it easy for you to track the licenses and vulnerabilities in the FOSS components you use. In modern software development, the importance of using free and […]

Continue Reading...

Posted in Open Source Security, Software Composition Analysis

 

Webinar: Do you know what’s in your software?

Much of today’s software is created using third-party code, and why not? After all, it’s quicker and more cost effective than building it from scratch. Using third-party software, however, comes with its own challenges. The recent State of Software Composition Analysis 2017 report explores these challenges. The report is based on the analysis of 128,782 software […]

Continue Reading...

Posted in Open Source Security, Software Composition Analysis, Webinars

 

Customer questions: What is Docker anyway?

We’re shifting the Black Duck Hub to a Docker-based architecture, so we created this quick video to give you an overview of some key questions we’ve heard from our customers about this change. We’ve been thinking about how Docker containers can help us deliver our software effectively for quite a while now. Recently Hal Hearst shared […]

Continue Reading...

Posted in Container Security, Open Source Security, Software Composition Analysis