Software Integrity Blog

Managing license compliance with Black Duck SCA

Black Duck provides a comprehensive SCA solution for managing security, quality, and license compliance risks associated with open source use.

How to cyber security: Invisible application security

Invisible application security is the concept of integrating and automating AppSec testing with little interruption to developer workflows.

Defending against the cyber pandemic demands holistic security and intelligent DevSecOps

Learn how Synopsys AppSec tools and services can help your organization deliver a holistic security approach to address rising cyber threats.

Reflections on trusting plugins: Backdooring Jenkins builds

In this post, we explore how an attacker who has compromised a Jenkins instance can backdoor software built with it, and which security measures are critical to protect against such attacks.

Forrester recognizes Synopsys as a leader in Software Composition Analysis

Black Duck ranks highest in Strategy and receives highest possible scores in Product Vision, Market Approach, and Corporate Culture criteria.

Keep infrastructure as code secure with Synopsys

Infrastructure as code is a key concept in DevOps for cloud deployments. Learn how to secure it using Rapid Scan SAST.

Why penetration testing needs to be part of your IoT security

Penetration testing is critical to assessing the overall strength of your company’s defense against cyber criminals targeting IoT devices.

Manual security testing services vs. automated AppSec tools: Which to use?

Manual security testing services and automated AppSec tools have their place in DevOps. Knowing which to use will make your security efforts more effective.

How to run your CodeXM checker

In part two of our series on writing checkers with CodeXM, we explore how to run your CodeXM checker with Coverity using a command line interface.

Debunking the seven myths of FSI application security

Don’t let myths undermine the security of financial software. We examine the seven myths and misconceptions found in FSI application security.
