So you just bought a SAST tool. Now what?

You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment. In response to the growing consensus that software defects grow riskier and costlier to fix further along in the software development life ...
Making SAST easier, faster, and more integrated with Polaris

How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use. Software developers are increasingly responsible for application security. Consequently, they need to find and fix software security issues early in the application development process. Static application ...
How to automate static analysis in your SDLC

Category: Static Analysis (SAST)

Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance. As attacks on the application layer increase and businesses ask developers to produce software faster, security and development teams must satisfy demands for more secure software without sacrificing rapid ...
Announcing Black Duck OpsSight 2.2—Container security at scale 

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source. Containers require a different approach to application security. Containers, which speed time to market and enable continuous delivery, represent a dramatic shift in the ...
How to “shift left” with application security tools, and how not to

Category: Agile, CI/CD & DevOps

Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers. The “shift left” movement has gained traction as a strategy for finding and removing software vulnerabilities without throwing a wrench in the application development process. The ...
Securing containers at scale

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be difficult in containerized production environments, which pose new challenges to application security. Organizations ...
Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing ...
Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports ...
Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development goals: application security responsibilities are shifting to the developer as organizations look to produce secure, high-quality software at ...