Open-source security spat leads companies to join forces for new tool

A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.

The post Open-source security spat leads companies to join forces for new tool appeared first on CyberScoop.


Is there evidence that using SAST / SCA brings positive ROI to software companies?

Using SAST / SCA tools within the delivery pipelines is quite common these days; however, in the software my teams are building, the SAST tools that we’re using are very rarely finding even relatively important security gaps – for the most…

Veracode SSRF Flag for http.NewRequestWithContext: Mitigating Risk in My Go Application

I’m working on a Go application where I’m using http.NewRequestWithContext to make outgoing requests. During a recent Veracode scan, I received an SSRF (Server-Side Request Forgery) flag for the following line:
req, err := http.NewRequestWi…