Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2024

The Startup's Open-Source Guide to Application Security

Security can be a difficult, expensive world to navigate. So we decided to create a comprehensive guide of open-source security tools to cut through the bullsh*t and show what the most critical tools to implement are, what assets you need to protect, and how you can build a long-term security plan using only free and open-source tools.

Top Open Source API Security Tools

The modern world relies on Application Programming Interfaces (APIs). They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and simplify application development. Without them, the internet would be unrecognizable. However, APIs also present a considerable risk to organizations. If left unsecured, they can be a gateway for attackers to access critical data and services. Protecting APIs is extraordinarily important, but it can be expensive.

Rapid Bulk SCM Onboarding Made Easy with Polaris | Black Duck

It is a constant challenge for modern app and DevOps team to onboard and scale AppSec test in today's highly complex and distributed software environment. Ability to automate bulk upload and scanning of an organizations' hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps.

Mend.io - Backstage Integration: Bringing Security Insights Where You Need Them

Launched as an internal project by Spotify in 2016, Backstage was released under the Apache 2.0 open source license in 2020 to help other growing engineering teams deal with similar challenges. Backstage aims to provide a consistent developer experience and centralize tools, documentation, and services within a single platform.

Introducing Black Duck Polaris with branching support | Black Duck

Unlock the power of modern app development with the latest Black Duck Polaris Platform feature: Branching support. Developers can now seamlessly scan multiple branches, identify vulnerabilities, and eliminate any critical blind spot early in the development and DevOps process. Branching support provides more transparency and visibility into scanning activities, allowing more secure code to be developed across organizations.

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.