Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code...

At DevSecCon24, find out how to build a Security Champions programme to scale your team

Next week, we’re looking forward to bringing together the amazing speakers, attendees and sponsors of DevSecCon24 to discuss, debate and understand how a Security Champions programme can work. As Snyk’s Field CTO, I’ll be leading a panel with stellar DevSecOps leaders from Twilio, Atlassian and Pearson to delve into how to get started, the challenges and the fine-tuning. Here’s a taster of where the discussion might lead.

The concept of a Security Champions...

Trend Micro partners with Snyk to fight open-source bugs

Cybersecurity leader Trend Micro is partnering up with application security platform Snyk to fight open-source bugs.

Research from Veracode last year found that open-source libraries cause security flaws in 70 percent of apps. Snyk itself has observed a 2.5x growth in open-source vulnerabilities over the past three years.

However, open-source is vital to the advancement of the software development industry. Snyk estimates that around 80 percent of application today is...

GitLab: 2020 was a ‘catalyst for DevOps maturation’

GitLab’s fifth annual DevSecOps survey reveals that last year was pivotal for the maturation of DevOps.

The only silver lining from the disaster of a year that was 2020 is that it helped to highlight inefficiencies with legacy processes and technologies. As the world looks to "build back better" from the pandemic, the work of DevOps teams should provide some inspiration.

Eric Johnson, CTO at GitLab, said:

“This year’s Global DevSecOps Survey shows that...

Incognia launches free Developer Edition to counter mobile app fraud

Incognia has launched a free ‘Developer Edition’ of its mobile fraud prevention solution to help protect users of fintech and m-commerce apps.

Spurred by the pandemic, mobile transactions increased by 250 percent in 2020. According to Adjust’s Mobile Finance Report 2020, investment apps saw a particularly impressive session growth of 88 percent between January and June 2020.

The rapid increase in mobile transactions has attracted fraudsters looking to line their...

Play Store’s AI security blocks almost one million policy-violating apps

Google’s AI-powered Play Store security has blocked almost one million policy-violating apps from reaching users.

In a blog post, Google detailed what it’s been doing to protect the billions of Android users and millions of developers creating apps for the world’s largest mobile platform.

2020 was a year when many of us made sacrifices to our freedoms to protect not just ourselves, but those around us. Unfortunately, criminals sought to take advantage of more...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, The Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Report: Developing markets are suffering a mobile malware pandemic

Anti-fraud platform Secure-D has released a report highlighting the mobile malware pandemic that developing markets are suffering.

The report is based on Secure-D’s processing of one billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, helping to protect a total of almost 840 million users.

Secure-D detected 46,000 malicious apps; with around one in six (16%) mobile devices in emerging markets carrying at least...

The necessary evolution to DevSecOps: Building security into the development lifecycle

Hindsight is a wonderful thing. Looking back on the early stages of DevOps, one moment of 20/20 clarity is that if people were doing it right from the beginning, there would be no need to change DevOps to DevSecOps. Security should have been part of the approach from the start.

Security should always be fundamental, but in a rush to develop new ideas or to deliver applications faster, it may get overlooked. This is, ironically, precisely what happened with DevOps. Establishing...

GitHub’s secret scanning for private repos launches alongside security overview

GitHub has launched its secret scanning tool for private repositories alongside a new security overview dashboard.

The world’s largest repo host first unveiled secret scanning, which flags credentials and API tokens committed to repositories, in May last year as part of GitHub Advanced Security—a package of features that includes code scanning, secret scanning, and dependency review.

Secret scanning has been in beta until today. Since it was first announced, GitHub says it has:

Expanded secret...
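The kind of check a secret scanner performs, as an added example that is not GitHub’s own implementation and is not described on this page: a small scanner that runs fixed token patterns and a generic high-entropy-value check over text such as a diff or a config file. The token formats (a `ghp_` GitHub personal access token, an `AKIA` AWS access key ID, a PEM private-key header), the 3.5-bit entropy threshold and the sample `.env` content are all assumptions made for this example; the sample values are fabricated test strings.

```python
"""Minimal secret scanner: fixed token patterns plus a Shannon-entropy check.

Added example; assumptions: the token formats below are illustrative and the
3.5-bit entropy threshold is a tuning choice, not a published rule.
"""
import math
import re
from dataclasses import dataclass

# Fixed-format credentials (assumed formats for this example).
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic catch: a secret-looking variable name assigned a long quoted literal.
ASSIGNMENT = re.compile(
    r"(?i)\b(?:api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str  # never carry the full secret into logs or alerts


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score far higher than words."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep just enough of the match to locate it in the file."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per hit; a line matched by a fixed pattern is not
    re-reported by the entropy heuristic."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit = False
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(line_no, kind, redact(m.group(0))))
                hit = True
        if hit:
            continue
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            if shannon_entropy(value) >= entropy_threshold:
                findings.append(Finding(line_no, "high_entropy_assignment", redact(value)))
    return findings


# Constructed sample input; every value is a fabricated test string.
SAMPLE = """\
# constructed sample .env; every value below is a fabricated test string
DB_HOST=db.internal
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
password="hunter2"
api_key="kv9Qz2pLx8Rt4Wn6Ym1Bc3Dj5Fh7Gs0A"
-----BEGIN RSA PRIVATE KEY-----
"""


if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.kind} ({f.redacted})")
```

Run against the sample, the scanner reports the AWS key ID, the GitHub token, the high-entropy `api_key` value and the private-key header, and stays silent on `hunter2`, which is too short and too low-entropy for the generic check. That last gap is the point of the entropy heuristic: it is a backstop for formats without a fixed prefix, so weak or short secrets still need the fixed patterns, and a pre-commit hook built on this should treat any finding as a block, not a warning.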