Sorry, not available in this language yet

English
日本語

SAST

Static application security testing (SAST) helps developers build better code without slowing them down. Read articles from Black Duck cyber security experts to learn how to leverage SAST to address security and quality defects in code as it’s being developed.

53

Stories

20

Writers

Top Writers

Black Duck Editorial Staff

Patrick Carey

Jonathan Knudsen

Last Published

How to detect, prevent, and mitigate buffer overflow attacks

Mar 31, 2024/8 min read

How to detect, prevent, and mitigate buffer overflow attacks

By Natalie Lightner

Tags: Build Security into DevOps, SAST

Mar 18, 2024/3 min read

SAST vs. DAST: What’s the best method for application security testing?

By Apoorva Phadke

Tags: DAST, Build Security into DevOps, Web AppSec, SAST

Considerations before moving away from native apps

Mar 18, 2024/5 min read

Considerations before moving away from native apps

By Vineeta Sangaraju

Tags: Mobile, SAST

Forrester recognizes Black Duck as a Leader in static application security testing

Sep 18, 2023/3 min read

Forrester recognizes Black Duck as a Leader in static application security testing

By Corey Hamilton

Tags: Security News & Trends, SAST

Finding hard-coded secrets before you suffer a breach

Jan 16, 2023/8 min read

Finding hard-coded secrets before you suffer a breach

By Ksenia Peguero

Tags: SCA, Build Security into DevOps, IAST, SAST

Jan 04, 2023/8 min read

How to choose React Native libraries for secure mobile application development

By Vineeta Sangaraju

Tags: Build Security into DevOps, Mobile, SAST

Nov 08, 2022/5 min read

Scalable SAST and SCA in a single solution with Polaris fAST services

By Patrick Carey

Tags: SCA, Build Security into DevOps, SAST, DevSecOps, Manage Security Risks

Oct 16, 2022/2 min read

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Oct 03, 2022/4 min read

IDE-based application security for developers in IntelliJ

By Steven Zimmerman

Tags: SCA, Build Security into DevOps, SAST, DevSecOps

Celebrating one year of Rapid Scan Static

Jun 26, 2022/6 min read

Celebrating one year of Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Enterprise applications run your business, so how can you secure them?

Jun 15, 2022/3 min read

Enterprise applications run your business, so how can you secure them?

By Mike McGuire

Tags: SCA, SAST, Manage Security Risks

CyRC Case Study: Securing BIND 9

May 23, 2022/8 min read

CyRC Case Study: Securing BIND 9

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps, CyRC, SAST

Code Sight Standard Edition: Application security optimized for the needs of developers

Feb 09, 2022/4 min read

Code Sight Standard Edition: Application security optimized for the needs of developers

By Raj Kesarapalli

Tags: SCA, Security News & Trends, Build Security into DevOps, SAST, DevSecOps

Dec 15, 2021/8 min read

Detecting Log4j (Log4Shell): Mitigating the impact on your organization

By Michael White

Tags: SCA, Compliance, SAST

How to cyber security: Software supply chain risk management

Dec 14, 2021/4 min read

How to cyber security: Software supply chain risk management

By Jonathan Knudsen

Tags: SCA, Secure the Software Supply Chain, SAST

Don’t let Trojan Source sneak into your code

Nov 16, 2021/2 min read

Don’t let Trojan Source sneak into your code

By Black Duck Editorial Staff

Tags: SAST

Keep infrastructure as code secure with Black Duck

Aug 08, 2021/5 min read

Keep infrastructure as code secure with Black Duck

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

How to run your CodeXM checker

Aug 03, 2021/5 min read

How to run your CodeXM checker

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Build developer trust with faster, accurate AppSec testing from Rapid Scan

Jul 27, 2021/2 min read

Build developer trust with faster, accurate AppSec testing from Rapid Scan

By Scott Johnson

Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST

Shift even further left with blazing-fast Rapid Scan SAST

Jul 21, 2021/2 min read

Shift even further left with blazing-fast Rapid Scan SAST

By Anna Chiang

Tags: Build Security into DevOps, SAST

Getting started with writing checkers using CodeXM

Jul 08, 2021/3 min read

Getting started with writing checkers using CodeXM

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Web application security testing at scale with Coverity SAST

Jun 05, 2021/3 min read

Web application security testing at scale with Coverity SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Developing a COVID-19 track and trace app — through the lens of Black Duck

Aug 25, 2020/4 min read

Developing a COVID-19 track and trace app — through the lens of Black Duck

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

Feb 12, 2020/3 min read

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

By Patrick Carey

Tags: SCA, Security News & Trends, Build Security into DevOps, SAST, DevSecOps

Jan 22, 2020/5 min read

Coverity & Black Duck together. Better. Faster. Stronger.

By Fred Bals

Tags: SCA, Build Security into DevOps, SAST

Jan 18, 2020/4 min read

Synopsys adds GitHub Action for SAST and SCA

By Black Duck Editorial Staff

Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST

Nov 19, 2019/3 min read

SAST vs. SCA: What’s the difference? Do I need both?

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps, SAST

Integrating Coverity Scan with GitLab CI

Nov 17, 2019/3 min read

Integrating Coverity Scan with GitLab CI

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

Sep 26, 2019/2 min read

Coverity release ties in well to the latest MITRE CWE Top 25

By Black Duck Editorial Staff

Tags: SCA, Security News & Trends, Compliance, SAST

May 24, 2019/3 min read

How are code quality and code security related?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Internet of Things

Announcing Code Sight 2019.4

May 08, 2019/1 min read

Announcing Code Sight 2019.4

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

Why dependencies matter for SAST

Jan 29, 2019/7 min read

Why dependencies matter for SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Let’s write more CodeXM checkers (second-stage ignition)

Sep 14, 2018/6 min read

Let’s write more CodeXM checkers (second-stage ignition)

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Securing applications with Coverity’s static analysis results

Aug 26, 2018/3 min read

Securing applications with Coverity’s static analysis results

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends, SAST

Integrating Coverity static analysis into development workflows

Aug 19, 2018/2 min read

Integrating Coverity static analysis into development workflows

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Aug 14, 2018/2 min read

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

By Fred Bals

Tags: IAST, Web AppSec, SAST, Manage Security Risks

Common security challenges in CI/CD workflows

Jul 10, 2018/9 min read

Common security challenges in CI/CD workflows

By Meera Rao

Tags: Agile, CI/CD, SAST, Manage Security Risks

Vulnerable routers are still out there—and hackers are noticing

Jul 01, 2018/4 min read

Vulnerable routers are still out there—and hackers are noticing

By Taylor Armerding

Tags: Security News & Trends, SAST, Internet of Things

May 07, 2018/9 min read

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

By Meera Rao

Tags: Agile, CI/CD, Build Security into DevOps, SAST, DevSecOps

Detecting Spectre vulnerability exploits with static analysis

Mar 21, 2018/8 min read

Detecting Spectre vulnerability exploits with static analysis

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Can Coverity automatically ignore issues in third-party or noncritical code?

Feb 19, 2018/4 min read

Can Coverity automatically ignore issues in third-party or noncritical code?

By Kris Diefenderfer

Tags: Build Security into DevOps, SAST

What you need to know about BlueBorne Bluetooth flaws

Sep 12, 2017/3 min read

What you need to know about BlueBorne Bluetooth flaws

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, SAST, Internet of Things

Swift: Close to greatness in programming language design, Part 2

Mar 22, 2017/6 min read

Swift: Close to greatness in programming language design, Part 2

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

How to prevent SQL injection attacks: A cheat sheet

Dec 14, 2016/2 min read

How to prevent SQL injection attacks: A cheat sheet

By Jamie Boote

Tags: Build Security into DevOps, SAST, Manage Security Risks

Nov 28, 2016/4 min read

5 reasons to use third-party authentication instead of creating your own

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Compliance, SAST

Nov 07, 2016/5 min read

How to choose between closed source and open source software

By Jamie Boote

Tags: Build Security into DevOps, SAST

Open source security management: A question of when, not whether

Oct 14, 2016/3 min read

Open source security management: A question of when, not whether

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends, SAST

Aug 08, 2016/3 min read

Avoiding false positives in application security through customization

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Mar 15, 2016/3 min read

How to do static analysis testing in 6 easy steps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, SAST, Manage Security Risks

Feb 10, 2016/2 min read

Static analysis tools: Are they the best for finding bugs?

By Apoorva Phadke

Tags: Build Security into DevOps, SAST, Manage Security Risks

Jan 27, 2016/5 min read

When and how to support static analysis tools with manual code review

By Mike Lyman

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Sep 23, 2015/7 min read

Benefits of Code Scanning for Code Review

By Mike Lyman

Tags: Security News & Trends, Build Security into DevOps, SAST

On detecting Heartbleed with static analysis

Apr 13, 2014/4 min read

On detecting Heartbleed with static analysis

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

53

Stories

20

Writers

Top Writers

Black Duck Editorial Staff

Patrick Carey

Jonathan Knudsen

Last Published