Black Duck announced the release of Hub Detect, a capability for its Hub solution that simplifies and streamlines open source management for DevSecOps.
Hub Detect simplifies integration into a DevOps tool chain by providing zero-configuration universal support for all package managers and CI tools. It automatically detects, downloads, and configures the appropriate integrations needed to perform an open source scan. Hub Detect also ensures the most accurate inventory of open source by automatically combining multiple analysis techniques.
“Speed and agility are paramount in DevOps. With Hub Detect we’ve eliminated the complexity of identifying each of the package managers and CI tools in use and the pain of having to configure them individually,” said Black Duck CEO Lou Shipley.
“In short, Hub Detect runs seamlessly within any DevOps toolchain, providing the universal, simple, one-time configuration that automatically finds the best way to identify, analyze and monitor open source code. This enables customers to optimize open source security and reduce risk,” Shipley added.
Black Duck noted that because Hub Detect knows which package managers are being used, it finds the most effective way to scan and analyze the open source code. It combines Black Duck’s signature scanning with analysis of any package managers in use to produce a complete and accurate open source Bill-of-Material (BoM) with minimum false positives or false negatives.
Black Duck said Hub Detect can be added to any CI script execution block, which means it can be used within any CI tool that runs shell-based post-build steps.