Topic: sca

Synopsys releases fAST Dynamic test solution

Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the …

The need for a chief open source officer

Just as software security has become strategic for many organizations, so too has the use of open source in development become strategic. And, as organizations realized they needed to create the role of chief information security officer (CISO), they are now coming to understand the importance of creating an open source program office to be …

DevOps Feedback Loop Explained: Weak Feedback

Feedback is routinely requested and occasionally considered. Using feedback and doing something with it is nowhere near as routine, unfortunately. Perhaps this has been due to a lack of a practical application based on a focused understanding of feedback loops, and how to leverage them. We’ll look at Feedback Loops, the purposeful design of a …

Combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Tools

When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft …

ShiftLeft CORE gets new vulnerability identification features

Security company ShiftLeft today announced the new release of its ShiftLeft CORE platform with the Velocity Update, which has new features for identifying and addressing potential vulnerabilities earlier in the software development life cycle. New features and capabilities include the ability to perform code analysis for Kotlin apps for mobile development, which is an early-stage …

5 ways developers can use SCA to increase code output

Developers are always under pressure to increase code output, but without the proper controls and tooling in place, rushing through the development process can lead to problems down the road. Things like static code analysis (SCA) tools offer a way to verify quality, security, and compliance without adding too much extra time to the process. …

Report: A 430% increase in next-generation supply chain attacks in last year

The past year saw a 430% increase in next-generation cyber attacks aimed at actively infiltrating open source software supply chains, according to the 2020 State of the Software Supply Chain report. In the past 12 months, 929 next-generation software supply chain attacks were recorded. By comparison, 216 such attacks were recorded between February 2015 and …

When does SCA replace SAST or DAST?

The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some …

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary …

5 ways static code analysis can save you

If you’re not doing static code analysis (aka static analysis), now is the time to start. Delivering code faster has dubious value if the quality degrades as development cycles shrink. On the other hand, if you’re not doing static code analysis, you’re not alone. Despite the mature age of the tool category, not a lot …

CA Technologies acquires SourceClear for its DevSecOps portfolio

CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week, with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with its Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability …