How to choose between enterprise and open source static analysis

Both enterprise and open source static analysis tools can boost your application security program. But each has its strengths. Learn more before you choose one. Static analysis (SAST) technologies analyze application code for security and quality defec…

Announcing the Polaris Software Integrity Platform

The Polaris platform integrates the Synopsys Software Integrity portfolio into an easy-to-use solution so you can build secure, high-quality software faster. By Neal Goldman and Utsav Sanghani. We’re excited to introduce the Polaris Software Integ…

Webinar: Static analysis helps DevOps teams maintain velocity securely

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to find and fix security vulnerabilities early in the DevOps proce…

Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM. If you’ve read the previous two posts, you should come away with a sense that writing a CodeXM checker isn’t rocket science. Let’s put that to the test. In order to g…

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impac…

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool has advantages and disadvantages. No single solution can ensure you find and fix all vulnerabilities. But application security tools can complement one another and help you secure your applications in each stage …