SDxCentral

Endor Labs, 7 Others Launch Opengrep to Keep Static Code Analysis Open Source

Endor Labs has collaborated with Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb, and Orca Security to introduce Opengrep, an initiative designed to maintain open access to static code analysis ...
Design-Reuse

Using static analysis to detect coding errors in open source security-critical server applications

Editor’s Note: Excerpted from their book Embedded Systems Security, the authors go through an analysis of three popular, security-critical open source applications - Apache, OpenSSL, and sendmail – ...
heise online

Reaction to Semgrep: Opengrep secures open code analysis tools

A consortium of over ten application security organizations has created Opengrep as a fork of Semgrep CE (Community Edition, formerly Semgrep OSS) to provide an open and accessible platform for static ...
Nature

Static Code Analysis and Bug Detection

Static code analysis and bug detection are integral to modern software engineering, providing a systematic approach to identify defects and security vulnerabilities without executing the code. By ...
Dark Reading

Open Source LLM Tool Sniffs Out Python Zero-Days

Researchers at Protect AI have released Vulnhuntr, a free, open source static code analyzer tool that can find zero-day vulnerabilities in Python codebases using Anthropic's Claude artificial ...
TechRepublic

Top Security Tools for Developers

Security tools help software development teams proactively identify and mitigate application vulnerabilities. By detecting and fixing security issues early in the development process, they can reduce ...
Dark Reading

Reachability Analysis Pares Down Static Security-Testing Overload

AI assistants are a double-edged sword for developers. On one hand, code-generation assistants have made creating barebones applications easier and led to a surge in code pushed to GitHub. Yet just as ...