Collaborate Disseminate
Get started with the Dockerized Black Duck installation. This post outlines workplace specifications, tools, and steps for installing Black Duck.
The post An introduction to installing Black Duck appeared first on Software Integrity Blog.
The post An … Continue reading An introduction to installing Black Duck
Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?
The post How to teach developers secure coding without slowing them down appeared f… Continue reading How to teach developers secure coding without slowing them down
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.
The post How are code quality and code security related? appeared first on Software… Continue reading How are code quality and code security related?
Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards. Organizations in many industries use web applications to collect and handle information such as cr… Continue reading How to manage web application security with Coverity
You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment. In response to the growing consensus that software defects grow riskier and cost… Continue reading So you just bought a SAST tool. Now what?
How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use. Software developers are increasingly responsible for application security. Consequently, they need… Continue reading Making SAST easier, faster, and more integrated with Polaris
Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance. As attacks on the application layer increase and businesses ask developers to produce software … Continue reading How to automate static analysis in your SDLC
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source. Containers require a different approach to application security Containers, which … Continue reading Announcing Black Duck OpsSight 2.2—Container security at scale
Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers. The “shift left” movement has gained traction as a strategy for finding and rem… Continue reading How to “shift left” with application security tools, and how not to
Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be… Continue reading Securing containers at scale