SDxCentral

Endor Labs, 7 Others Launch Opengrep to Keep Static Code Analysis Open Source

Endor Labs has collaborated with Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb, and Orca Security to introduce Opengrep, an initiative designed to maintain open access to static code analysis ...
SD Times

Guest View: Use static analysis to secure open source

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
TheServerSide

Best Java static code analysis tools for code quality automation

One of the best ways to protect your software project from avoidable bugs is the use of Java static code analysis tools. These tools can help identify and fix problematic code before it reaches ...
SD Times

SEI CERT releases open-source Source Code Analysis Laboratory for pinpointing vulnerabilities

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Dark Reading

Open Source LLM Tool Sniffs Out Python Zero-Days

Researchers at Protect AI have released Vulnhuntr, a free, open source static code analyzer tool that can find zero-day vulnerabilities in Python codebases using Anthropic's Claude artificial ...
dbta

SonarCloud Debuts Open Source, Zero-Configuration, Automatic Analysis for C and C++ Projects

Sonar, the Clean Code solution provider, is announcing a new capability for its SonarCloud platform: Zero-configuration, automatic analysis for programming languages C and C++. This capability allows ...
InfoWorld

Measure the quality of your .Net code with NDepend

Take advantage of the powerful static code analysis tool to identify and understand issues in your .Net application’s code Assessing the quality of an application’s code is often a subjective process.
Insurancenewsnet.com

Code Dx Integrated in New SWAMP-in-a-Box Open Source Software Assurance Solution

SiB is a free, self-contained version of the SWAMP's continuous assurance technologies that will allow the software assurance community to deploy local (private) instances of the SWAMP. SiB can be ...
Nasdaq

Checkov 2.0 Launches as the First Open-Source Cloud Infrastructure Scanner With Dependency Awareness

- Checkov has been downloaded over 1.2 million times since the project launched in December 2019, and today adds over 200 new policies, making it the most comprehensive open-source IaC scanner ...
Dark Reading

Reachability Analysis Pares Down Static Security-Testing Overload

AI assistants are a double-edged sword for developers. On one hand, code-generation assistants have made creating barebones applications easier and led to a surge in code pushed to GitHub. Yet just as ...
Business Wire

Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native Applications

RAMAT GAN, Israel--(BUSINESS WIRE)--Checkmarx, the global leader in software security solutions for DevOps, today announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source ...