Article: Checkov 2.0 Launches as the First Open-Source Cloud Infrastructure Scanner With Dependency Awareness

“This release is the most significant update to Checkov since it launched in 2019,” said Matt Johnson, Bridgecrew developer advocate lead at Palo Alto Networks. “Dependency awareness means developers have even more context earlier in the development lifecycle, helping companies around the world better secure their cloud infrastructure.”

According to a recent survey produced by Secure Code Warrior, 70% of organizations recognize the importance of secure coding practices, indicating an industry-wide shift from reaction to prevention and an embrace of DevSecOps. Unlike other static code analysis tools that rely on interim ad hoc modeling, Checkov is now built on a graph-based model that provides an entirely new way of modeling configuration risk in cloud native software composition. That context awareness ensures more relevant and reliable scan results, making it easier for developers to prioritize and understand the impact of identified misconfigurations.

Article: Open-source software verification of open-source hardware design like RISC-V poses many new challenges.

The allure of open-source hardware is the flexibility for designers to create their own CPU-based platforms. Advocates believe that freely available open-source systems will encourage a new wave of processor innovation and create new market segments. These advocates point to the increasing amount of open-source IP that is available and being implemented in many new chip designs. But what about verification?

While the design community is encouraged, the verification engineers are cautious. In the past, instruction set architectures (ISAs) used with intellectual property (IP)-based processors came from a single source, e.g., Arm, Intel, or AMD. These ISAs utilized industry verification tools and methodologies.
