Software Integrity Blog

Archive for the 'Static Analysis (SAST)' Category

Why dependencies matter for SAST

How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis.

Posted in Developer Enablement, Static Analysis (SAST)

Coverity 2018.12: Securing enterprise applications

Coverity 2018.12 adds analysis without build, covers more languages and frameworks, finds more vulnerabilities, and supports enterprise application security goals.

Posted in Announcements, Static Analysis (SAST)

Webinar: Static analysis helps DevOps teams maintain velocity securely

In our on-demand webinar with Meera Rao (Synopsys), you’ll learn how to integrate SAST into DevOps using automation to find issues early in the SDLC and support DevOps velocity.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars

Let’s write more CodeXM checkers (second-stage ignition)

If you read the previous installment, you’ll recall that we boosted ourselves to low earth orbit using CodeXM to write a Coverity checker to help enforce a naming convention (which, of course, you can tweak to suit your needs). Our progress so far: local variables and function names (including method names). Now we’ll push higher up, […]

Posted in Static Analysis (SAST)

Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM. If you’ve read the previous two posts, you should come away with a sense that writing a CodeXM checker isn’t rocket science. Let’s put that to the test. In order to get this hands-on experience, you should have access to an installed version of […]

Posted in Static Analysis (SAST)

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

CodeXM: Awesome code checker power (itty-bitty learning curve!)

What you need to know, and (more importantly) what you don’t, about the CodeXM checkers. When you develop your software, you may not be aware of what the compiler is doing to transform source into an executable. The neat thing is you don’t need to. Just know things like what a variable declaration is, what a […]

Posted in Static Analysis (SAST)

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Spectre checker keeps up with the latest exploits

In a recent blog post, Detecting Spectre vulnerability exploits with static analysis, we showed how developers can use static analysis to help protect their applications from the Spectre variant 1 vulnerability (bounds check bypass). Synopsys Software Integrity Group released a checker for Coverity (AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK) that helps developers identify vulnerable code. The result is increased protection against Spectre […]

Posted in Static Analysis (SAST)

Don’t Panic: Write checkers using CodeXM

With apologies to the late Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker. Truth be told, writing […]

Posted in Static Analysis (SAST)