Tagged articles
23 articles
Black & White Path
May 3, 2026 · Information Security

Claude Security Public Beta: How AI‑Driven Scanning Moves Code Security into Production

Claude Security’s public beta demonstrates how Anthropic’s AI‑driven scanner moves vulnerability detection from post‑deployment patching to pre‑commit prevention, offering full‑repo analysis, multi‑stage verification, IDE integration, lower false positives, and sparking industry debate over dual‑use risks and regulatory impact.

AI code scanning · Anthropic · Claude Security
10 min read

Node.js Tech Stack
Feb 21, 2026 · Information Security

Anthropic’s Claude Code Security: Why This AI Agent Sent Cybersecurity Stocks Tumbling

Anthropic unveiled Claude Code Security, an AI‑driven code‑security scanning agent that reads code logic to find business‑logic and access‑control flaws, prompting a sharp drop in several cybersecurity stocks as analysts debate its technical edge, market timing, and broader impact on the security industry.

AI code scanning · Anthropic · Claude Code Security
10 min read

Ops Development & AI Practice
Aug 24, 2025 · Operations

Beyond SAST: Integrating Code Quality Checks in GitLab CI/CD

This article explains why GitLab's built‑in SAST focuses solely on security, distinguishes it from code‑quality analysis, and provides two practical ways—using the official Code‑Quality template and integrating custom linters—to add comprehensive code‑quality checks into your CI/CD pipelines.

GitLab · SAST · ci/cd
7 min read

Huolala Tech
Aug 12, 2025 · Information Security

Can AI Boost Traditional SAST to Detect Complex Logic Bugs?

This article explores a hybrid approach that combines traditional static application security testing (SAST) with large language models (LLM) to automatically detect business‑logic vulnerabilities, detailing the methodology, implementation stages, experimental results, and the challenges of integrating AI into code security analysis.

AI · LLM · SAST
15 min read

FunTester
Jul 28, 2025 · Information Security

Unlocking App Security: How SAST, DAST, IAST, and RASP Protect Your Code

This article explores the core principles, strengths, and limitations of four major application security testing approaches—Static (SAST), Dynamic (DAST), Interactive (IAST), and Runtime Application Self‑Protection (RASP)—and compares them in a concise table to guide developers in building a comprehensive security strategy.

Application Security · DAST · DevSecOps
8 min read

Cloud Native Technology Community
Sep 7, 2023 · Information Security

Kubernetes Security Testing: Importance, Methods, and Best Practices

This article explains why security testing is critical for Kubernetes clusters, outlines key testing approaches such as SAST, DAST, container image scanning, configuration audits, and network policy testing, and provides practical steps for integrating these methods into CI/CD pipelines to ensure robust cloud‑native security.

Configuration Audit · Container Scanning · DAST
9 min read

Software Development Quality
May 16, 2023 · Information Security

Mastering DevSecOps: Essential Security Testing Strategies for Modern Applications

As DevOps accelerates software delivery, integrating robust security testing—through static, dynamic, interactive application security testing and software composition analysis—becomes essential, and this article explains the importance, methods, tools, and best practices, including Huawei Cloud’s approach, to ensure comprehensive protection across the development lifecycle.

DAST · DevSecOps · IAST
15 min read

DevOps
Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DAST · DevSecOps · IAST
13 min read

DevOps
Jan 21, 2022 · Information Security

Enterprise DevSecOps: Integrating Security into DevOps

This article provides a comprehensive guide to implementing DevSecOps in enterprises, covering fundamental principles, collaboration between security and development teams, integration of security testing, building a secure toolchain, and practical strategies for scaling security within DevOps pipelines.

Automation · DevOps · DevSecOps
62 min read

58 Tech
Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

AST · CodeQL · Java
24 min read

58 Tech
Apr 19, 2021 · Information Security

Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection

This article introduces the importance of source code security scanning in CI/CD pipelines, explains static application security testing (SAST), compares major commercial and open-source Java analysis tools, and presents the selection criteria and conclusions that guided 58 Group's Java white-box scanning solution.

Java · SAST · Security
16 min read

Top Architect
Jan 3, 2021 · Information Security

Top 7 Static Code Analysis Tools: Features, Languages, and Pricing

This article reviews seven popular static code analysis tools, outlining why static analysis matters, each tool's key features, drawbacks, supported languages, and pricing to help developers choose the right solution for improving code quality and security.

DevOps · SAST · Security
11 min read

Architects Research Society
Jul 28, 2020 · Information Security

11 Practical Tips for Delivering Security as Code in DevOps

This article explains what "security as code" means, why shifting security left in the software development lifecycle matters, and provides eleven actionable tips—including understanding Secure SDLC, using SAMM, integrating SAST/DAST, and automating security checks—to help teams embed security directly into their DevOps pipelines.

Automation · DAST · DevSecOps
10 min read

Ctrip Technology
Jul 9, 2020 · Information Security

Ctrip's DevSecOps Practices and Challenges

The article details Ctrip's DevSecOps challenges and solutions, covering security team structuring, threat modeling, SCA and SAST integration, IAST/DAST architecture, vulnerability management, and the resulting improvements in automated security testing within a high‑frequency CI/CD environment.

DevSecOps · IAST · SAST
12 min read

DevOps
Apr 21, 2020 · Information Security

Integrating SAST Tools into a DevSecOps Pipeline: Five Key Checkpoints and Best Practices

This article explains how to embed static application security testing (SAST) into a DevSecOps CI/CD pipeline by defining five essential checkpoints—pre‑commit, commit‑time, build‑time, test‑time, and deployment—covering purpose, benefits, handling false positives, result merging, custom rule sets, and automation strategies.

DevSecOps · SAST · ci/cd
20 min read

dbaplus Community
Oct 19, 2019 · Information Security

Mastering Enterprise Code Auditing: Strategies, Tools, and Best Practices

This comprehensive guide explains why code auditing is essential for modern enterprises, compares enterprise and white‑hat audits, outlines a seven‑step methodology, and reviews both open‑source and commercial SAST tools with practical case studies across PHP, Node.js, Python, and Go.

DevSecOps · Dynamic analysis · SAST
24 min read