Latest News
Black Duck Releases Rapid Scan Static (Sigma) Source Code Analysis Engine 2025.1.0
Black Duck Rapid Scan Static (Sigma) is a fast and light static analysis engine for finding and remediating vulnerabilities. It runs automatically in Black Duck Coverity, Polaris, Code Sight, and SCA, or you can execute the engine standalone in your CI/CD pipeline. Rapid Scan Static has hundreds of API safety, infrastructure-as-code (IaC), hardcoded secret scanning (HSS), and taint flow checks to help secure your cloud deployments and source code.
Welcome to the New Year and another series of monthly releases of Rapid Scan Static.
In 2025.1.0 we improved our detection capabilities with new or improved checks for Java and Python. We also improved result precision with hardcoded secret detection.
A detailed description of all the content added is available as Release Notes (Community Login Required): Black Duck Documentation Portal
We look forward to hearing your feedback on all the new capabilities in this release.