Software Integrity Blog

Archive for the 'Static Analysis (SAST)' Category

 

[Webinars] Modern application security programs, SAST in DevSecOps

Learn more about modern application security programs, DevOps, and CI/CD, and how to integrate static analysis into your DevSecOps pipeline.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Software Security Program, Static Analysis (SAST), Webinars | Comments Off on [Webinars] Modern application security programs, SAST in DevSecOps

 

SAST and SCA: Why use both?

If you use an SCA tool, why should you use a SAST tool as well? Let’s discuss what each tool can and can’t do and how they complement each other.

Continue Reading...

Posted in Application Security, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on SAST and SCA: Why use both?

 

[Webinars] SAST and SCA together, managed pen testing for risk management

Learn how to combine SAST and SCA to find and fix more security and quality issues, and how managed pen testing supports your risk management strategy.

Continue Reading...

Posted in Software Composition Analysis (SCA), Software Security Program, Static Analysis (SAST), Webinars | Comments Off on [Webinars] SAST and SCA together, managed pen testing for risk management

 

Which application security tools should you choose?

There’s no single silver bullet for application security. Instead, you need a combination of application security tools and services. Here’s an overview.

Continue Reading...

Posted in Application Security, Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on Which application security tools should you choose?

 

Coverity & Black Duck together. Better. Faster. Stronger.

Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.

Continue Reading...

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on Coverity & Black Duck together. Better. Faster. Stronger.

 

Synopsys adds GitHub Action for SAST and SCA

GitHub Actions brings the platform into the CI/CD market, making it simple to integrate SAST and SCA into workflows with the Synopsys Detect GitHub Action.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on Synopsys adds GitHub Action for SAST and SCA

 

[Webinar] Static Analysis Security Testing (SAST) in CI/CD: Why and How

Learn how to add static application security testing (SAST) to your CI/CD workflows to constantly verify code changes and improve application integrity.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars | Comments Off on [Webinar] Static Analysis Security Testing (SAST) in CI/CD: Why and How

 

SAST vs. SCA: What’s the difference? Do I need both?

Learn how to combine static application security testing (SAST) and software composition analysis (SCA) to strengthen your software security program.

Continue Reading...

Posted in Application Security, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on SAST vs. SCA: What’s the difference? Do I need both?

 

Integrating Coverity Scan with GitLab CI

David Woodhouse at AWS, who maintains the open source OpenConnect VPN client, explains how he integrated Coverity Scan with GitLab CI.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST) | Comments Off on Integrating Coverity Scan with GitLab CI

 

Coverity release ties in well to the latest MITRE CWE Top 25

MITRE’s 2019 CWE Top 25 list contains many code quality issues that can result in security vulnerabilities. Static analysis can help you mitigate them.

Continue Reading...

Posted in Software Compliance, Quality & Standards, Static Analysis (SAST) | Comments Off on Coverity release ties in well to the latest MITRE CWE Top 25