Channel: Static Analysis (SAST) – Software Integrity Blog

Announcing the Polaris Software Integrity Platform

The Polaris platform integrates the Synopsys Software Integrity portfolio into an easy-to-use solution so you can build secure, high-quality software faster. The post Announcing the Polaris Software...




How to automate static analysis in your SDLC

Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance.


Making SAST easier, faster, and more integrated with Polaris

How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use.


How to choose between enterprise and open source static analysis

Both enterprise and open source static analysis tools can boost your application security program. But each has its strengths. Learn more before you choose.


So you just bought a SAST tool. Now what?

You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment.



How to manage web application security with Coverity

Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards.


How to win the application security arms race

Static application security testing helps you find and fix vulnerabilities earlier in the development life cycle, resulting in more secure software.


Announcing Code Sight 2019.4

The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.



How are code quality and code security related?

Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.



Do you have the right tools in your application security toolkit?

With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.


Why your SAST tool needs to understand your web framework

Web frameworks can introduce security issues into web applications. Mitigate this risk with a static analysis tool that understands the frameworks you use.


Coverity release ties in well to the latest MITRE CWE Top 25

MITRE’s 2019 CWE Top 25 list contains many code quality issues that can result in security vulnerabilities. Static analysis can help you mitigate them.


Integrating Coverity Scan with GitLab CI

David Woodhouse at AWS, who maintains the open source OpenConnect VPN client, explains how he integrated Coverity Scan with GitLab CI.



SAST vs. SCA: What’s the difference? Do I need both?

Learn how to combine static application security testing (SAST) and software composition analysis (SCA) to strengthen your software security program.


[Webinar] Static Analysis Security Testing (SAST) in CI/CD: Why and How

Learn how to add static application security testing (SAST) to your CI/CD workflows to constantly verify code changes and improve application integrity.



Synopsys adds GitHub Action for SAST and SCA

GitHub Actions brings the platform into the CI/CD market, making it simple to integrate SAST and SCA into workflows with the Synopsys Detect GitHub Action.


Which application security tools should you choose?

There’s no single silver bullet for application security. Instead, you need a combination of application security tools and services. Here’s an overview.



[Webinars] SAST and SCA together, managed pen testing for risk management

Learn how to combine SAST and SCA to find and fix more security and quality issues, and how managed pen testing supports your risk management strategy.


SAST and SCA: Why use both?

If you use an SCA tool, why should you use a SAST tool as well? Let’s discuss what each tool can and can’t do and how they complement each other.


[Webinars] Modern application security programs, SAST in DevSecOps

Learn more about modern application security programs, DevOps, and CI/CD, and how to integrate static analysis into your DevSecOps pipeline.


[Webinars] DoS attacks in Node.js, SAST in DevSecOps

Learn how to protect Node.js apps against denial-of-service attacks, and how to integrate static application security testing into DevSecOps pipelines.



[Webinars] Static analysis best practices, remote security testing and training

In this week’s webinars, we’ll share how to get the most out of your static analysis tool and how to make the transition from on-site to remote testing.



[Webinars] Implementing SAST, reducing open source risk in M&A

In this week’s webinars, we’ll talk about how to add static analysis to your development cycle and how to minimize open source risk in M&A transactions.


[Webinars] Developing track and trace apps, integrating SAST into DevSecOps

Learn about the security considerations for COVID-19 track and trace mobile apps and how to integrate static analysis into your DevSecOps pipeline.


Can SAST tools improve developer productivity?

They can—if you have a SAST tool that helps developers find and fix real security defects rather than hindering their productivity with false positives.




Forrester recognizes Synopsys as a leader in static application security testing

We’re proud to announce that Synopsys has been named a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. Find out why.



Web application security testing at scale with Coverity SAST

With the rise of cyber attacks on web apps, organizations require AST tools that can help manage web application security and compliance.



Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM.



Let’s write more CodeXM checkers (second-stage ignition)

If you read the previous installment, you’ll recall that we boosted ourselves to low earth orbit using CodeXM to write a Coverity checker to help enforce a naming convention (which, of course, you can...





Coverity 2018.12: Securing enterprise applications

Coverity 2018.12 adds analysis without build, covers more languages and frameworks, finds more vulnerabilities, and supports enterprise application security goals.
