
Architecture Erosion in Agile Development
Software architecture erosion refers to the gap between the planned and actual architecture of a software system as observed in its implementation. Architecture erosion is a common and recurring problem faced by many agile development teams. Architecture erosion can result in lower quality, increased complexity, and harder-to-maintain software. At the beginning of a project, the source …

2022 OSSRA discovers 88% of organizations still behind in keeping open source updated
Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2022 OSSRA report. It’s the time of the year when Spring is springing, and we release the annual Synopsys Open Source Security and Risk (OSSRA) report, with the 7th edition of OSSRA out this week. This year’s …

Synopsys Named a Leader in the 2022 Gartner Magic Quadrant for Application Security Testing for the Sixth Year
In the 2022 Gartner® Magic Quadrant™ for Application Security Testing, Synopsys placed highest and farthest right for the fourth consecutive year for our Ability to Execute and our Completeness of Vision. What does it take to be a leader? Leadership is a funny thing. It’s often difficult to define in the abstract but easy to …

What is the maturity level of your AppSec program?
Using the Forrester assessment, you can measure the maturity of your AppSec program to help identify areas for improvement. Any organization that wants to secure its software should make maturity of its AppSec program its holy grail. Maturity means making security the first thought, not an afterthought. It means embedding security into software throughout the …

AppSec Decoded: Building security into DevSecOps
Our experts discuss the changes organizations are making to their processes and AST tool management to achieve more effective DevSecOps. Application security testing is evolving to meet the speed at which DevOps teams operate. Processes and tools are more fast-paced and rely on integration and automation to maintain efficiency throughout the software development life cycle (SDLC). But …

Ensuring Quality in Microservices Architecture with Support for gRPC Testing
Lock in quality if you try gRPC Microservices architecture. Many organizations today recognize it enables faster and easier software changes over more traditional monoliths. Microservices have become the backbone for how organizations develop cloud-native applications – programs that run independently in containers designed for cloud computing architectures. Companies of every size are rethinking how they …

Test Automation 101
Every company is a digital company. Whether you are a traditional e-commerce company who has been selling goods online for years, a healthcare company who recently needed to accelerate online visits for telehealth, or a company whose business model has drastically shifted due to Covid, the need for digital transformation is here. Chapter 1 of our eBook The Future of Test Automation goes …

How to Get Started Testing: Best Test Cases to Automate
Testing is a critical step if you want to ensure quality in your products. It’s crucial to test your applications to make sure they work properly – otherwise, customers are less likely to buy or continue to use them. While important, software testing can be a repetitive process that takes time and resources you’d probably rather use for tasks that deliver innovation to the functionality or performance. This is where test automation comes in. In order …

How Lattix handled the Log4j security vulnerability
“The log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,” Jen Easterly, US Cybersecurity and Infrastructure Security Agency Director. Log4j is a Java-based logging utility that is part of the Apache logging services. This is a popular logging tool used in tens of thousands of software packages. Google estimates that 8% of Maven Central Repository was …

“Plug In” to SwaggerHub for IntelliJ IDEA: A Java Developer’s New Best Friend
Integrated development environments, or IDEs as most people call them, are the go-to tool for the majority of software developers creating, compiling, and testing code. In fact, IDEs are one of the most common tools that developers will use when designing their API (Application Programming Interface) documentation. According to the 2020 State of the API Report, …