Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

synopsys

How to generate a software bill of materials

Jan 31, 2024 By Mike McGuire In Synopsys
The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - a complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).
Read Post

Polaris Software Integrity Platform: Automate Any Scan, Anytime, Anywhere, All at Once | Synopsys

Jan 26, 2024 By Synopsys In Synopsys
Polaris Software Integrity Platform is the first no compromise cloud-based application security solution that meets the diverse needs of Development, DevOps, and Security teams. Polaris Overview Highlights: Watch this overview to see how Polaris can benefit your organization.
View Video

Rapid Bulk SCM onboarding made easy with Polaris | Synopsys

Jan 24, 2024 By Synopsys In Synopsys
It is a constant challenge for modern app and DevOps team to onboard and scale AppSec test in today's highly complex and distributed software environment. Ability to automate bulk upload and scanning of an organizations' hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps: To learn more, visit synopsys.com/polaris.
View Video
synopsys

Mobile app security testing and development at the speed your business demands

Jan 23, 2024 By Corey Hamilton In Synopsys
Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.
Read Post

How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys

Jan 16, 2024 By Synopsys In Synopsys
Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.
View Video
synopsys

Mergers and acquisitions insurance

Jan 16, 2024 By Steven Power In Synopsys
Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately.
Read Post

Understanding Continuous DAST in Production with WhiteHat Dynamic

Jan 9, 2024 By Synopsys In Synopsys
This video provides an overview of WhiteHat Dynamic's approach to continuous production DAST testing, and its integration with other Synopsys tools for comprehensive security across all development stages. Join us as we walk through the dashboard's executive and peer benchmarking views, examine common vulnerabilities, and delve into the process of identifying and validating issues using a blend of automated and manual testing techniques.
View Video
synopsys

CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

Jan 8, 2024 By Matthew Hogg In Synopsys
The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti. Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.
Read Post
synopsys

DevSecOps practices to maintain developer velocity

Jan 4, 2024 By Fred Bals In Synopsys
By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.