Tag: SAST
WhiteSource Becomes Mend, Launches Automated Remediation Platform
WhiteSource rechristened itself Mend today and launched a remediation platform that automatically resolves security issues for application developers. Rami Sass, co-founder and CEO of Mend, said now the company is going beyond ...
Shift Left is Only Part of Secure Software Delivery
We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of miles ...
Securing Software with Intelligent Pipelines
One of the biggest cybersecurity risks involves vulnerabilities in the application layer. After all, the best firewall is useless if the web application itself is vulnerable. Many companies have worked to mitigate these ...
Bridging the AppSec and DevOps Disconnect
Research estimates that cybercrime is going to cost the world $10.5 trillion annually by 2025, so it is no surprise that cybersecurity has become a top priority for business leaders. Today, security ...
JFrog Acquires Vdoo to Advance DevSecOps
JFrog today announced it has agreed to acquire Vdoo for $300 million in cash to gain a set of analytics tools that discover vulnerabilities in application binaries. Vdoo's scanning tools, infused with ...
Continuous Testing Practices – Part 3
In my prior blog, Continuous Testing – The Quest for Quality at Speed, I described five tenets and some of the practices for continuous testing to help with understanding what continuous testing ...
Prevent False Positives From Derailing Shift Left
Static application security testing (SAST) tools are designed to balance false positives (incorrect warnings) with false negatives (missed vulnerabilities) primarily because deeper analysis requires more time and computing resources. Both of these ...
SAST, DAST, SCA: What’s Best For AppSec Testing?
According to the most recent Verizon Data Breach Investigations Report, almost 90% of data breaches are driven by financial gain, up from 71% in last year's report. Most noteworthy, however, is that ...
GrammaTech Allies with GitLab to Advance DevSecOps
GrammaTech announced today it has partnered with GitLab to integrate its GrammaTech CodeSonar static application security testing (SAST) tools with the GitLab Ultimate DevSecOps platform. Vince Arneja, chief product officer at GrammaTech, ...
What is SAST? Overview + SAST Tools
Static Application Security Testing Overview: With the growing number of cybersecurity threats, you must ensure that your software is protected against potential vulnerabilities and threats. One of the most beneficial practices is ...
Shifting Left and Static Code Analysis with Perforce
Perforce Product Manager Stuart Foster and Evangelist Steve Howard join Mitch Ashley to discuss the importance of creating security software from the beginning of the development process. We discuss shift left, SAST, ...
Snyk Brings AI to DevSecOps
Snyk today at its SnykCon 2020 conference announced a static application security testing (SAST) tool dubbed Snyk Code that incorporates an interpretable machine learning semantic code analysis engine the company gained through its ...