Application Security & Software Security Blog

Managing license compliance with Black Duck SCA

Black Duck provides a comprehensive SCA solution for managing security, quality, and license compliance risks associated with open source use.

How to cyber security: Invisible application security

Invisible application security is the concept of integrating and automating AppSec testing with little interruption to developer workflows.

Defending against the cyber pandemic demands holistic security and intelligent DevSecOps

Learn how Synopsys AppSec tools and services can help your organization deliver a holistic security approach to address rising cyber threats.

Reflections on trusting plugins: Backdooring Jenkins builds

In this post we explore how an attacker who has compromised a Jenkins instance can backdoor software built with it and what security measures are critical to ensure protection against attacks.

Forrester recognizes Synopsys as a leader in Software Composition Analysis

Black Duck ranks highest in Strategy and receives highest possible scores in Product Vision, Market Approach, and Corporate Culture criteria.

Keep infrastructure as code secure with Synopsys

Infrastructure as code is a key concept in DevOps for cloud deployments. Learn how to secure it using Rapid Scan SAST.

Why penetration testing needs to be part of your IoT security

Penetration testing is critical to assessing the overall strength of your company’s defense against cyber criminals targeting IoT devices.

Manual security testing services vs. automated AppSec tools: Which to use?

Manual security testing services and automated AppSec tools have their place in DevOps. Knowing which to use will make your security efforts more effective.