Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Code Intelligence Integrates with Jest
February 21, 2023
Code Intelligence announced integrating its recently open-sourced JavaScript fuzz testing engine, Jazzer.js, into Jest, a unit testing framework for JavaScript.
Developers can now use Jest for both functional and security testing without ever having to leave their development environment.
Code Intelligence’s new fuzz testing integration for Jest allows developers to run automated security tests, complimentary to their existing unit tests and enables them to test JavaScript applications for unknown bugs. Soon, Jazzer.js will also receive specialized bug detectors for critical vulnerabilities, including remote code executions (such as Log4Shell), cross-site-scripting, and injections.
“While most JavaScript developers already use Jest for functional testing, to test whether their application behaves as expected, our new Jest integration allows developers to also do negative testing. This is to check their applications for unexpected or strange behaviors. It does not only avoid security issues but makes the code more reliable and reduces outages and bad user experience.”, says Werner Krahe, Product Director of Code Intelligence.
Jazzer.js is a free, coverage-guided, in-process fuzzer for the entire Node.js platform. To ease accessibility, it is available within JavaScript’s node package manager (npm), which is used by most JavaScript developers to download their tooling. Developers can call Jazzer.js in Jest, by using the new it.fuzz() function in describe() blocks. This function calls highly automated fuzz tests that use coverage feedback to generate millions of unusual and unexpected test inputs that can trigger security vulnerabilities and functional bugs. Jazzer.js also provides a regression mode, which is useful in making sure that newly added code doesn’t break existing functionality.
“Our mission is to give every developer the necessary tools to write more secure code,” says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “The fuzz testing integration for Jest will help in making JavaScript applications more reliable and secure.”
Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js.
Industry News
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
