January 2024

How to generate a software bill of materials

The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - a complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).

Polaris Software Integrity Platform: Automate Any Scan, Anytime, Anywhere, All at Once | Synopsys

Polaris Software Integrity Platform is the first no-compromise, cloud-based application security solution that meets the diverse needs of Development, DevOps, and Security teams. Polaris Overview Highlights: watch this overview to see how Polaris can benefit your organization.

Rapid Bulk SCM onboarding made easy with Polaris | Synopsys

It is a constant challenge for modern app development and DevOps teams to onboard and scale AppSec testing in today's highly complex and distributed software environments. The ability to automate bulk upload and scanning of an organization's hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps. To learn more, visit synopsys.com/polaris.

Mobile app security testing and development at the speed your business demands

Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.

How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys

Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.

Mergers and acquisitions insurance

Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately.

Understanding Continuous DAST in Production with WhiteHat Dynamic

This video provides an overview of WhiteHat Dynamic's approach to continuous production DAST testing, and its integration with other Synopsys tools for comprehensive security across all development stages. Join us as we walk through the dashboard's executive and peer benchmarking views, examine common vulnerabilities, and delve into the process of identifying and validating issues using a blend of automated and manual testing techniques.

CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti. Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.

DevSecOps practices to maintain developer velocity

By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development.