Cloud-native security startup Aqua Security Software Ltd. has spent some of the money it raised earlier this year to acquire an open-source scanning tool called tfsec. The company said that with today ...

Why it matters: What if companies and independent software developers could spot security flaws in their programs before releasing them to the public? GitHub now has a tool that can help them do just ...

Unlike dynamic analysis techniques, SAST operates without executing the program, focusing entirely on the static codebase.

Software supply chain security provider Arnica has added new real-time scanning tools to its namesake code-security suite, including static application security testing (SAST), infrastructure as code ...

IBM said on Tuesday that it has acquired Ounce Labs, a maker of enterprise tools for detecting software flaws during the development process, for an undisclosed sum. Earlier this year, IBM released ...

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More GitHub is officially launching a new code-scanning tool today, designed ...

A group of nine application security service providers announced they would "fork" the popular code-scanning project Semgrep, creating a new codebase, after a series of moves by the eponymous startup ...

GitHub has released a host of third-party security tools for its just-launched code-scanning feature, which helps open-source projects nix security bugs before they hit production code. GitHub Code ...

The high cost of finding and patching application flaws is well known. Wouldn’t it be cheaper to write secure code in the first place? One of the fastest growing areas in the software security ...

To really secure software, you need to know what’s inside its code. That’s why a software bill of materials (SBOM) is essential today. It used to be that we didn’t worry that much about our code’s ...

Etherscan, one of the most commonly used Ethereum blockchain scanning websites, introduced a tool that uses artificial intelligence (AI) to help users interpret the source code of smart contracts, ...