Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Different types of software licenses require you to meet certain obligations if you want to reuse the code. Here are five common types of software licenses.

Learn why Synopsys earned the highest score for the Continuous Testing Use Case in Gartner’s latest report. Gartner recently released its 2022 “Critical Capabilities for Application Security Testing” (AST) report, and I am delighted to see that Synopsys received the highest score across each of the five Use Cases.

Intelligent Orchestration enables security and development teams to implement coordinated DevSecOps workflows with minimal friction. Application security (AppSec) adds an extra layer to software development. The more the process is automated and the more tools are integrated into the continuous delivery/continuous deployment (CI/CD) pipeline, the more challenges organizations face in securing software security from end to end (false positives, noise, etc.).

Many acquirers perform interview-based due diligence, but adding a software audit can provide an in-depth assessment of software risks in a target’s code. When deciding between an interview-based due diligence or software audit, the short answer is both.

Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories. If you’re a software developer, you probably use open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges?

What does it mean to build a holistic AppSec program? Learn what’s involved in a holistic approach and how to get started. Digital technology is the centerpiece of modern life today. All around us, technology is transforming business operations from end-to-end, from digital-first businesses to those simply updating existing processes. According to Gartner, 65% of executives report that they accelerated the pace of their digital business initiatives in 2021.

Find out what our audit services team unearthed in the 2,400+ codebases we reviewed in 2021. Spoiler alert: In 2021, audits found open source in 100% of our customer engagements. Regular readers know that Synopsys recently published the seventh edition of the “Open Source Security and Risk Assessment” (OSSRA) report. We think it provides the best information available about usage of open source in the wild, and the frequency of open source risks.

The curl vulnerability shows how we produced timely information by combing through source code commits in open source projects.

The OWASP API Security Top 10 list highlights the most critical API security risks to web applications. Shifting security left means that API security can’t be left only to security teams. Developers need to be on top of potential vulnerabilities and remediate them as they develop. Building security into DevOps means we need to be thinking about how to deliver secure, high-quality code at velocity. Having some basic API security info under your belt will help.