2025-02-03

Black Duck Releases Rapid Scan Static (Sigma) Source Code Scanning Engine 2025.1.0


Black Duck Rapid Scan Static (Sigma) is a fast and light static analysis engine for finding and remediating vulnerabilities.  It runs automatically in Black Duck Coverity, Polaris, Code Sight, and SCA, or you can execute the engine standalone in your CI/CD pipeline.  Rapid Scan Static has hundreds of API safety, infrastructure-as-code (IaC), hardcoded secret scanning (HSS), and taint flow checks to help secure your cloud deployments and source code. 

Welcome to the New Year and another series of monthly releases of Rapid Scan Static.

In 2025.1.0 we improved our detection capabilities with new or improved checks for Java and Python. We also improved result precision with hardcoded secret detection.

A detailed description of all the content added is available as Release Notes (Community Login Required): Black Duck Documentation Portal  

We look forward to hearing your feedback on all the new capabilities in this release.