Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Mitigate vulnerabilities from third-party libraries with Datadog Software Composition Analysis

Mitigating application vulnerabilities throughout the software development life cycle (SDLC) is critical—and challenging, especially as applications rely more and more on third-party, open source software (OSS). With this type of architecture, teams often don’t know exactly where vulnerabilities exist in their code, which of those vulnerabilities are actively exposed in production services, and which vulnerabilities are more critical to address than others.

Automated SCM project scanning with Black Duck SCA | Synopsys

Black Duck’s automated project onboarding meets teams where they already are and enables them to quickly onboard and scan multiple projects in a single step. This means no manual scanning needed, and no interfacing with builds or pipeline – these scans are mapped and executed entirely within Black Duck. In this video, we'll demonstrate how to.

What is SCA (Software Composition Analysis) software?

SCA or Software Composition Analysis is an important security tool that helps you understand how your application is made up. Our software is built from open-source components and these components can have vulnerabilities or simply be malicious. SCA scans our applications to identify these components and lets us know if there are vulnerabilities or issues within it. In this short video we explain what SCA tools are and how they work as well as there role in application and cyber security.

Announcing a Unified Veracode SAST and SCA IDE Plugin

Veracode is pleased to announce the availability of a new Integrated Development Environment (IDE) Plugin for VS Code. Our new plugin combines both Veracode Static Analysis (SAST) and Software Composition Analysis (SCA) into a single plugin. This allows developers to quickly scan projects for security weaknesses and risks in both first-party code and third-party libraries.

Accelerate modern development with Polaris pull request comments support | Synopsys

Integrate seamlessly into your SCM and DevOps pipelines. Learn how teams can effortlessly provide automatic feedback on new issues, without slowing down workflows. With Polaris in your pipelines, access both SAST and SCA findings directly within GitHub as comments on pull requests. Streamline triage, audit, policy, and reporting—all conveniently stored in Polaris.

New EMEA Software Security Data Demonstrates Necessity of SCA

New software security data demonstrates that Software Composition Analysis (SCA) will help bolster the safety and integrity of open-source software usage for organizations in the Europe, Middle East, and Africa (EMEA) region in particular. The EU Cyber Resilience Act makes this research especially crucial and timely. Let’s dive in and look at recommendations for EMEA teams wanting to secure cloud-native development.

Why SCA is Critical for Securing the Software Supply Chain

Weaknesses within software supply chains create a foothold for exploitation from cyberattacks. The problem is so significant that even the White House released an Executive Order that speaks directly on this topic. “The Federal Government must take action to rapidly improve the security and integrity of the software supply chain,” states the Executive Order emphatically. Now, you may be wondering what your organization can do to mitigate this risk.