Software Composition Analysis

HackerOne and Semgrep Partner to Streamline Code Review for Modern Development

Retrieved on: Thursday, January 11, 2024

SAN FRANCISCO, Jan. 11, 2024 /PRNewswire/ -- HackerOne, the leader in human-powered security, today announced a partnership with code security solution Semgrep to combine Semgrep's automated code security tools with expert support from HackerOne PullRequest code reviewers. Security teams can now analyze code through Semgrep and have PullRequest reviewers validate results to provide recommendations and context. The partnership enables human-in-the-loop testing to improve collaboration between security and development teams and to increase the agility, scalability, and accuracy of the entire code review process.

Key Points: 
  • The partnership enables human-in-the-loop testing to improve collaboration between security and development teams to increase the agility, scalability, and accuracy of the entire code review process.
  • "Friction between development and code security workflows remains a challenge as development assumes more security responsibility," said Isaac Evans, co-founder and CEO of Semgrep.
  • Modern development teams continue to experience false positives from automated tools that hinder speed, while quality code review can lack scalability for high-velocity teams.

Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services

Retrieved on: Wednesday, October 25, 2023

Veracode, a leading global provider of intelligent software security, today released new research that unveils the key factors influencing flaw introduction and accumulation in the Financial Services sector.

Key Points: 
  • “Financial services made a strong showing across the board in this year’s analysis,” said Chris Eng, Chief Research Officer at Veracode.
  • When Financial Services teams completed 10 interactive security training modules, they introduced 26 percent fewer flaws, putting the sector’s performance well above the all-industry average.
  • The Veracode State of Software Security: Financial Services report with full details and recommendations is available to download on the Veracode website.

ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security

Retrieved on: Wednesday, October 4, 2023

PITTSBURGH, Oct. 4, 2023 /PRNewswire/ -- ForAllSecure, the world's most advanced application security testing company, today announced the debut of its runtime dynamic Software Bill of Materials (SBOM) solution for its Mayhem Security product to show organizations which components are present at runtime and further prioritize each in order of risk and speed remediation for open source and other third-party software vulnerabilities in code, saving organizations valuable remediation time and resources.

Key Points: 
  • Mayhem now generates a runtime-aware SBOM of components on the application attack surface, and uses this intelligence to prioritize and filter results from Software Composition Analysis (SCA), Static Application Security Testing (SAST), and similar tools.
  • This eliminates AppSec noise and overhead for developers, allowing them to focus on remediating real security issues.
  • Managing software supply chain risks is crucial in today's security threat landscape.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that all software provide an inventory of open-source components and other code dependencies.

Arnica's code risk security tools are now available to all Bitbucket users

Retrieved on: Thursday, August 31, 2023

ATLANTA, Aug. 31, 2023 /PRNewswire/ -- Arnica, a behavior-based application security platform, announced today that its security capabilities are now accessible to all Bitbucket users, becoming the first pipelineless security solution to provide private security feedback to developers in real time and in-line pull request comments for Bitbucket users.

Key Points: 
  • The integration with Bitbucket gives users access to Arnica's pipelineless application security toolset including code risk scanning, secret scanning, and more.
  • Bitbucket, the Atlassian-owned source code management solution, is the preferred tool of over 15 million developers.
  • With Arnica, Bitbucket users are now able to utilize hardcoded secrets mitigation and code risk security scanners like Static Application Security Testing (SAST), Infrastructure as Code (IaC) security scanning, Software Composition Analysis (SCA), and third-party package reputation scanning.
  • "We are honored to extend the security capabilities available to Bitbucket users."

Mend.io Launches New Version of Mend for Containers

Retrieved on: Tuesday, August 8, 2023

TEL AVIV, Israel and BOSTON, Aug. 8, 2023 /PRNewswire/ -- Mend.io, a leader in application security, today announced Mend for Containers, a range of new features included with Mend's Software Composition Analysis (SCA) to scan container images and registries at scale, as well as providing runtime vulnerability prioritization from Kubernetes clusters to protect cloud-native applications from vulnerabilities and license risks throughout the entire software development lifecycle (SDLC), from code to cloud. 

Key Points: 
  • Mend for Containers helps DevSecOps teams identify threats prior to deployment and enforce security policies for containers, allowing greater control and visibility over the security of applications.
  • "Effective risk reduction approaches for cloud-native applications include taking a holistic approach to the SDLC — finding and remediating risks as they are introduced, from coding with secure practices to evaluating risks with runtime scanning post-deployment," said Jeff Martin, vice president of product at Mend.io.
  • "Mend for Containers brings Mend.io's leading detection and prioritization capabilities to container security, allowing developer teams to ensure quality and security every step of the way."
  • New Mend for Containers features include:

Endor Labs Raises $70M to Reform Application Security and Eliminate Developer Productivity Tax

Retrieved on: Thursday, August 3, 2023

The new round of funding, which includes $22M converted to equity from the previous round and comes only 10 months after the company’s launch, will help Endor Labs create effective application security programs that don’t impose a productivity tax on developers.

Key Points: 
  • “The investment Endor Labs has made in reachability analysis makes them truly stand out,” says Greg Pettengill, Principal Security Engineer at Five9, an Endor Labs customer.
  • “The Endor Labs team is building a mission critical solution that will not only improve security levels but also vastly improve developers’ ability to build and ship their products. I am thrilled to be joining the Endor Labs Board as they make several breakthroughs in this long ignored space.”

Snyk Strengthens Leadership Team With Deep Enterprise Expertise, Reinforcing Developer Security Market Leadership

Retrieved on: Tuesday, July 18, 2023

Collectively, these strategic hires significantly bolster the company’s leadership bench, helping to further solidify Snyk’s developer security leadership.

Key Points: 
  • In addition, Snyk recently closed its seventh successful acquisition, Enso Security, allowing global enterprises to now more effectively manage their overall application security posture and govern a developer security program at scale.
  • Prior to his impactful time with Collibra, he was the Head of Security Strategy at ServiceNow, starting the company’s security team.
  • These Leadership Team additions come on the heels of a range of new innovations that further strengthen the Snyk Developer Security Platform announced at SnykLaunch June 2023.

Brinqa Announces Strategic Partnership with Checkmarx Delivering the Industry’s Most Complete Application Security Solution

Retrieved on: Wednesday, June 21, 2023

Brinqa, a leader in cyber risk management, today announced a strategic partnership with Checkmarx, the global leader in application security solutions, to help organizations build world-class application security programs that meet the needs of today’s evolving threat landscape.

Key Points: 
  • This partnership combines the industry leading risk-based prioritization, automation, and reporting in the Brinqa Attack Surface Intelligence Platform with the Checkmarx One™ Application Security Platform, the industry’s most comprehensive application security solution.
  • Fortunately, awareness is growing and regulations are putting increased pressure on organizations to develop strong application security programs.
  • “The partnership between Brinqa and Checkmarx gives our clients an innovative path to solve for modern application security challenges,” said Shawn Asmus, Practice Director of Application Security at Optiv.

Sonatype Named a Leader in Software Composition Analysis (SCA) by Independent Research Firm

Retrieved on: Friday, June 16, 2023

Fulton, Md., June 16, 2023 (GLOBE NEWSWIRE) -- Sonatype, the pioneer of software supply chain management, is pleased to announce that it has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q2 2023.

Key Points: 
  • Sonatype received the highest score in the current offering category in the report, which identifies the 12 most significant software composition analysis (SCA) providers, and received the highest possible scores in 16 criteria.
  • According to the report, “Sonatype’s differentiated innovation strategy includes security, developers, operations, and legal personas and prevents next-generation supply chain attacks.”
  • “We believe this recognition not only highlights the continued progression of our platform, but also our commitment to our customers and their success.”

Snyk Named as a Leader in Software Composition Analysis by Independent Research Firm

Retrieved on: Tuesday, June 13, 2023

BOSTON, June 13, 2023 (GLOBE NEWSWIRE) -- Snyk, the leader in developer security, today has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q2 2023 report.

Key Points: 
  • According to the Forrester report, “Snyk is the best fit for fast-paced development, security and operations (DevSecOps) and to provide confidence to deploy frequently.” The report also states, “Snyk’s developer focus allows organizations to move fast without breaking things,” and, “SCA is critical to securing the software supply chain.”
  • “In 2023 and beyond, we look forward to helping more global enterprises scale their developer security programs to reap the full benefits of DevSecOps collaboration.”
  • Forrester’s acknowledgment is the latest in a series of industry recognitions and milestones.
  • The company also successfully closed its seventh acquisition, announcing as part of SnykLaunch June 2023 that Tel Aviv-based Enso Security has joined forces with Snyk to provide the industry’s first and only developer security platform with a holistic view of application security posture.