Software Integrity

Archive for the 'Static Analysis (SAST)' Category

 

Coverity now features integrated on-demand developer training

The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer training enables development teams Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners […]

Continue Reading...

Posted in Application Security, eLearning, Featured, Static Analysis (SAST) | Comments Off on Coverity now features integrated on-demand developer training

 

Examining Spectre and Meltdown attacks

As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]

Continue Reading...

Posted in Static Analysis (SAST), Vulnerability Assessment | Comments Off on Examining Spectre and Meltdown attacks

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Continue Reading...

Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST) | Comments Off on OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

 

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of the many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevSecOps process. Integrating SAST tools into DevSecOps processes is critical to building a sustainable program. The automation […]

Continue Reading...

Posted in DevOps, Static Analysis (SAST) | Comments Off on How to integrate SAST into the DevSecOps pipeline in 5 simple steps

 

Detecting Spectre vulnerability exploits with static analysis

Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are […]

Continue Reading...

Posted in Software Security Testing, Static Analysis (SAST), Vulnerability Assessment | Comments Off on Detecting Spectre vulnerability exploits with static analysis

 

Webinar: Ensure your software is secure without clogging up the CI/CD pipeline

While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do […]

Continue Reading...

Posted in CI/CD, DevOps, Software Composition Analysis, Static Analysis (SAST) | Comments Off on Webinar: Ensure your software is secure without clogging up the CI/CD pipeline

 

Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?

Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety […]

Continue Reading...

Posted in Application Security, Software Quality, Static Analysis (SAST), Vendor Risk Management | Comments Off on Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?

 

Coverity: Setting the standard for better software

From the moon to autonomous driving There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]

Continue Reading...

Posted in Application Security, Security Standards and Compliance, Software Quality, Static Analysis (SAST) | Comments Off on Coverity: Setting the standard for better software

 

Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

The risk of open source and third-party code In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]

Continue Reading...

Posted in Application Security, Open Source Security, Software Quality, Static Analysis (SAST), Vendor Risk Management | Comments Off on Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Continue Reading...

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST) | Comments Off on Get the latest resource helping development teams overcome widespread challenges