Tag: SAST

The Security Pipeline
Over the last few years, the ability to secure our applications has grown, and deep integration into the DevOps toolchain has, too. There are more tools doing more security checks protecting more ...

Checkmarx Brings Generative AI to SAST and IaC Security Tools
Under an early access program, Checkmarx today made available query builder and guided automation tools that take advantage of OpenAI's generative artificial intelligence (AI) technologies to make it simpler for developers to ...

Mobb Launches Community Edition of Automated Remediation Tool
Mobb today made available a free community edition of a namesake tool that creates fixes to open source vulnerabilities. The fixes are based on the results of code scanning by a static ...

A Seven Point Checklist for Getting SAST Right
With so many physical products—from automobiles to airplanes and medical devices to industrial control systems—now being driven by software, product security has become a top-level concern for manufacturers. Software flaws can not ...

Addressing Software Supply Chain Security
It’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...

Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...

Three Ways to Speed up SAST
In modern, continuous software development life cycle (SDLC) processes, when code is written and before it’s committed to the repository, it’s run through testing, which may include unit testing, regression testing or ...

Cycode Expands Scope of AppDev Security Platform
At the Black Hat USA 2022 conference, Cycode this week announced it has added static application security testing (SAST) and container scanning capabilities to its software composition analysis (SCA) platform that is based ...

Turning Off DevSecOps Noise for Functional Fidelity
Analyzing the DevOps and DevSecOps software marketplace demonstrates the high demand for tools and platforms that reduce false positives. As businesses and organizations adopt a rigorous, disciplined software development life cycle and ...

Quick! Define DevSecOps: Let’s Call it Development Security
For a good long while, DevSecOps referred specifically to vendors like Veracode that did static application security scanning, dynamic application security scanning, software composition analysis and some form of runtime monitoring (usually ...

WhiteSource Becomes Mend, Launches Automated Remediation Platform
WhiteSource rechristened itself Mend today and launched a remediation platform that automatically resolves security issues for application developers. Rami Sass, co-founder and CEO of Mend, said now the company is going beyond ...

Shift Left is Only Part of Secure Software Delivery
We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of miles ...