Software Composition Analysis (SCA) Cheat Sheet
Only scanning your application code for vulnerable dependencies is not enough to protect against modern threats like software…
Resources Category: All
Cycode: Next-Gen SCA: Pipeline Composition Analysis
Application code dependencies like open source libraries comprise approximately 80-90% of modern application codebases. Organizations that aren’t scanning these dependencies for vulnerabilities aren’t securing their applications.
Cycode: SAST – Static Application Security Testing
Static Application Security Testing (SAST) is used to identify vulnerabilities in custom application code and is often used early in the lifecycle before the application can be run.
Cycode: Source Code Leakage Detection
Code leaks have consequences that impact business operations. This includes exposing intellectual property and trade secrets…
Cycode: Continuous Compliance Across the SDLC
The modern DevOps approach to software development has clear advantages over past approaches, when it comes to efficiency…
Cycode:
Hardcoded Secrets Detection
As DevOps and CI/CD have modernized the SDLC, they have tightened and deepened connections across tools and processes…
Cycode:
Source Control & CI/CD Security
The last decade of application development experienced a staggering amount of innovation. Technologies like containers, Kubernetes…
Cycode:
Infrastructure as-Code Security
In the not too distant past, if developers needed a server, they worked with their IT administrators to procure and rack-and…
Simple SDLC Security Mistakes that Can Cost you Big During Compliance
With software supply chain attacks like SolarWinds, Kaseya, and Codecov regularly making mainstream news headlines…
How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks
Published 15 July 2021 – ID G00752454 By Manjunath Bhat, Dale Gardner…