Integrating Clang Static Analyzer with CodeSonar using SARIF

We have discussed the benefits of using SARIF, an open standard for exchanging static analysis results, in a previous post....

CodeSonar in the SWAMP

INTRODUCTION:

The Software Assurance Marketplace (SWAMP) is an open tool set designed to improve quality and security...

The Role of Static Application Security Tools (SAST) in DevSecOps

The term DevSecOps is a contraction of DevOps, itself a contraction of Developer Operations, and Security. It’s the in-vogue...

How Does the OWASP Top 10 Apply to C/C++ Development?

The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving web software security....