
An introduction to installing Black Duck
Get started with the Dockerized Black Duck installation. This post outlines workplace specifications, tools, and steps for installing Black Duck. The post An introduction to installing Black Duck appeared first on Software Integrity Blog.

How to teach developers secure coding without slowing them down
Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?

How are code quality and code security related?
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.

Announcing Code Sight 2019.4
The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.

How to manage web application security with Coverity
Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards. Organizations in many industries use web applications to collect and handle information such as credit card numbers, emails, and customer behavior data. They rely on these web apps to run their ...

So you just bought a SAST tool. Now what?
You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment. In response to the growing consensus that software defects grow riskier and costlier to fix further along in the software development life ...

Making SAST easier, faster, and more integrated with Polaris
How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use. Software developers are increasingly responsible for application security. Consequently, they need to find and fix software security issues early in the application development process. Static application ...

How to automate static analysis in your SDLC
Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance. As attacks on the application layer increase and businesses ask developers to produce software faster, security and development teams must satisfy demands for more secure software without sacrificing rapid ...

Announcing Black Duck OpsSight 2.2—Container security at scale
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source. Containers require a different approach to application security. Containers, which speed time to market and enable continuous delivery, represent a dramatic shift in the ...

How to “shift left” with application security tools, and how not to
Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers. The “shift left” movement has gained traction as a strategy for finding and removing software vulnerabilities without throwing a wrench in the application development process. The ...