Reduce Alert Volume and Prioritize Remediation with Deepfactor

Presented by

Kiran Kamity, Deepfactor | Dinesh Mistry, Deepfactor | Chris Clark, Synopsys

About this talk

Engineering teams in many industries are embracing cloud-native development and rapidly adopting open source software, increasing both the frequency and complexity of software releases. The automotive industry’s shift to software-defined vehicles is a great example of retooling to leverage modern development practices while maintaining focus on reducing application risk.

In order to understand and address application risk, engineering teams often use software composition analysis (SCA) to discover vulnerable libraries and dependencies. Augmenting SCA scans with dynamic, contextual analysis of the running application can prevent engineering teams from being overwhelmed with vulnerability alerts, reducing the potential impact of security on development. This is particularly true in Kubernetes, where applications utilize several languages and can be spread across dozens if not hundreds of containers and systems. Although identifying the vulnerable containers is step one, determining impact and affected code will help determine priority.

To address these challenges, Deepfactor announced a partnership with Synopsys, a leader in application security testing, at KubeCon + CloudNativeCon Europe 2022. The Deepfactor Developer Security integration with Synopsys Black Duck® provides developers with access to enhanced, well-researched Black Duck Security Advisories and runtime security insights such as usage information and method tracing in a single platform, purpose-built to reduce alert volume and prioritize remediation in cloud-native applications.

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.