#SAST

Latest posts tagged with #SAST on Bluesky

Posts tagged #SAST

Veracode Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The latest update for #Veracode includes "The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business" and "The Next Generation of #SAST Scanning".

#cybersecurity #softwaresecurity #AppSec #DevSecOps https://opsmtrs.com/3eO6tf7

0 0 0 0

Anthropic and OpenAI just uncovered a SAST blind spot that free tools are flagging in fintech code. Think your API is safe? The new findings could change how we secure AI‑driven finance. Dive into the details. #AISecurity #SAST #FintechSecurity

🔗 aidailypost.com/news/anthrop...

0 0 0 0
^ != << In some languages, the '^' operator can be used for exponentiation, but in other popular development stacks, it operates as the exclusive OR (XOR) operator. Today, we'll discuss how this confusion...

🐻‍❄️ As we announced before, we opened the Early Access Program for the Go static analyzer. Now it’s time to show you how our "newcomer" deals with a simple yet so noisy and pesky error that occurs due to the operator XOR.

#Go #Golang #SAST #Development #CodeErrors

2 0 0 0

The latest update for #Veracode includes "The Next Generation of #SAST Scanning" and "The Security Debt Crisis: Why 82% of Organizations Are Struggling".

#cybersecurity #softwaresecurity #AppSec #DevSecOps https://opsmtrs.com/3eO6tf7

0 0 0 0
AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is "What AI Security Research Looks Like When It Works," and I agree: > In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the ...

Oh man. Bruce has some words and they are singing my tune. The code review is getting solid.

www.schneier.com/blog/archives/2026/02/ai...

#genai #sast

1 0 0 0
How To Audit Plugin Ecosystems How we audit plugin ecosystems, using (Nextcloud|ownCloud) as an example

🚀 New blog post: How to Audit Plugin Ecosystems 🔧🔥
Our reusable 4‑step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns.

cyllective.com/blog/posts/h...

#CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST

2 2 0 0

Discover MEDUSA: the AI-driven SAST tool with 74 scanners & 180+ security rules, revolutionizing app security testing. #CyberSecurity #AppSec #AI #SAST #MEDUSA Link: thedailytechfeed.com/ai-powered-m...

0 0 0 0
How To Set Up GitHub Code Quality GitHub recently released a new feature called Code Quality. It brings static analysis, intelligent automation and actionable feedback…

If you'd like to find out how to set up GitHub Code Quality, you can check out my latest article on Medium.

#cicd
#codequality
#devops
#devsecops
#git
#github
#ghas
#codeql
#dependabot
#scm #vcs #versioncontrol
#sast
#devlearning #softwaredevelopment #softwareengineering

medium.com/devops-by-na...

0 0 0 0

🎯 Kick off 2026 with OWASP London Training Days! Join Josh Grossman’s updated 2-Day training: Building a High-Value AppSec Scanning Programme (2026). Cut through SAST, DAST & SCA noise and deliver real AppSec value. 📍 Secure your spot now: londonowasptrainingd...

#appsec #training #DAST #SAST #SCA

0 0 0 0

The Future of Secure Software Development: Between SAST, DAST, IAST, SBOM, Pentest and Agentic Tools

📌 Link to the article: www.redhotcyber.com/post/il-...

#redhotcyber #news #sicurezzainformatica #sicurezzadelleapplicazioni #cybersecurity #testdisicurezza #sast

0 0 0 0

#CZ12A #CASC #SAST #JSLC

0 0 0 0

#CZ12A #CASC #SAST #JSLC

0 0 1 0

The first CZ-12A launcher lifted off from Jiuquan on 23 December 2025 at 2:00 GMT.

The attempted controlled return of the first stage failed.

#CZ12A #CASC #SAST #JSLC

0 0 1 0

Are MCP servers the next big gap in cyber security?

You cannot simply "scan" MCP servers for all their attack vectors with traditional app sec tools (sast, dast and sca)

I think there will be a lot more to come in this space in the coming years #ai #aisec #cybersec #sast #dast #hacking #mcp

1 0 0 0
Aikido Aikido Security is an automated application security platform designed specifically for software engineering teams.

The latest update for #AikidoSecurity includes "#AI #Pentesting in Action: A TL;DV Recap of Our Live Demo" and "#SAST in the IDE is now free: Moving SAST to where development actually happens".

#Cybersecurity #AppSec #DevSecOps https://opsmtrs.com/48vGyRP

0 0 0 0
Mend Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle.

The latest update for #Mendit includes "Shai-Hulud: The Second Coming" and "Best #SAST tools: Top 10 solutions in 2025".

#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d

1 0 0 0

Every Python package that is able to dynamically load code is suspicious by default! Use github.com/nocomplexity... to check what happens.

#pycon #python #owasp #infosec #appsec #programming #sast

1 0 0 0

The latest update for #Mendit includes "Best #SAST tools: Top 10 solutions in 2025" and "#AppSec metrics fail, Mend.io's Risk Reduction Dashboard fixes it".

#CyberSecurity #DevOps #OpenSource #Compliance https://opsmtrs.com/3zEYo7d

1 0 0 0

Shift-left security in CI/CD.
Run SAST, SCA (dependency scanning), and infra-as-code linting during the build stage. Fail the build on high-severity findings — not after deploy. Protect pipeline credentials with short-lived tokens.
#DevSecOps #CICD #SAST

0 0 0 0

The Semgrep Community Edition (CE) Fall 2025 release is here with:

⚡ Up to 3× faster scans on large repos
💻 Native Windows support — no WSL required
🌍 Now runs on 500 million+ more machines

👉 Read the full blog: semgrep.dev/blog/2025/se...

#Semgrep #AppSec #DevSecOps #OpenSource #SAST

1 0 0 0
GitHub - secure-web-apps/EndToEndSecurityWeb: Secure Web application using ASP.NET Core, Angular, SonarQube and terraform. This repository hosts the source code for our .NET User Group Switzerland tour.

Production ready web application with full automation and recommended application security @rufer.be @renegadexx.bsky.social

github.com/secure-web-a...

#aspnetcore #aspire #sonarqube #sonar #github #angular #terraform #sast #authentication #entra #identity #dotnet #sast

3 1 0 0

Same vulnerability. Two tools. Double the effort.

The hidden cost of AppSec tool sprawl is duplication, not risk.

Correlating SAST + DAST cuts triage time, clarifies priorities, and accelerates fixes.

🔍 Learn more: www.stackhawk.com/blog/sast-da...

#AppSec #DevOps #SAST #DAST

0 0 0 0

@semgrep.com 🔗 @stackhawk.bsky.social

Correlated findings. Real risk clarity.

Connect code-level issues with runtime exploitability to:
✅ Cut duplicate alerts
✅ Reduce false positives
✅ Prioritize what’s truly exploitable

Learn more: www.stackhawk.com/blog/stackha...

#SAST #DAST

0 0 0 0

Qodana Revisited-"It's been some years since we first looked at #Qodana, the solid #SAST tool from @jetbrains.com
Let's find out what's new since then"
On IProgrammer: cutt.ly/Tr8gKvW3

1 0 0 0

The quality of modern #Python software relies heavily on the effective use of static code analysis tools.
Never trust, always verify!
So use the #FOSS #SAST #tool #Python #Code Audit - github.com/nocomplexity...

#pythonbrasil #hw_ioNL2025 #appsec #owasp #pycon #PyTorchCon #infosec

1 0 0 0

📖 References & tools used:

- ollama.com
- ollama.com/library/qwen...
- github.com/gitleaks/git...
- github.com/righettod/to...

#appsec #appsecurity #sast #ai

0 1 1 0

When one agent is not enough: a practical case of applying a multi-agent system Hi! My name is Egor Kozl...

#ai #agents #llm #systems #sast #ai-agents #graph

Origin | Interest | Match

0 0 0 0
When one agent is not enough: a practical case of applying a multi-agent system

When one agent is not enough: a practical case of applying a multi-agent system Hi! My name is Egor Kozl...

#agents #AI #graph #llm #SAST #systems

Origin | Interest | Match

0 0 0 0
Surprise Chinese launch sends Shiyan-31 experimental satellite into orbit China conducted an orbital launch Monday with no apparent advance indication, successfully sending the Shiyan-31 remote sensing test satellite into orbit. The post Surprise Chinese launch sends Shiyan-31 experimental satellite into orbit appeared first on SpaceNews.
0 1 0 0