Progress is offering over 50 enterprise-grade UI components from Progress® KendoReact™, a React UI library for business application development, for free.
Checkmarx acquired Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open source software supply chains.
Through this acquisition, Checkmarx will combine its AST capabilities with Dustico’s behavioral analysis technology to give customers a unified view into the risk, reputation, and behavior of open source packages, resulting in a more comprehensive approach to preventing supply chain attacks.
Supply chain incidents often stem from malicious actors deliberately injecting hard-to-detect, tainted code into open source packages used in software development. While open source presents myriad benefits, developers must take reputation and credibility into consideration and apply a zero-trust security mindset to external code packages being adopted into modern applications.
Dustico’s technology is built to go beyond traditional source code vulnerability analysis and look at the behavior and reputation of open source packages via a three-pronged approach. First, the solution factors in trust, providing visibility into the credibility of package providers and individual contributors in the open source community. Second, the health of packages is examined to determine their update cadence and level of maintenance. Finally, Dustico’s advanced behavioral analysis engine inspects the package and looks for malicious attacks hiding within including backdoors, ransomware, multi-stage attacks, and trojans.
This insight, coupled with vulnerability results from Checkmarx’s AST solutions, gives organizations and developers a more holistic, unified, and effective approach for managing the risks associated with open source and the supply chains dependent on them.
“Blending Dustico’s differentiated approach to open source analysis with Checkmarx’s best-of-breed security testing capabilities will bring disruptive value to our customers as they manage the challenges with securing software supply chains.” said Emmanuel Benzaquen, CEO, Checkmarx
“Today’s adversaries have zoned-in on software supply chains – many of which rely heavily on open source. As the threat of tampering in third-party packages increases, development teams must operate with the proactive assumption that all code may have been maliciously manipulated,” said Maty Siman, CTO, Checkmarx. “With Dustico, we’re building on our mission to secure open source by enabling customers to perform vulnerability, behavioral, and reputational analysis from a single solution. This will give developers and security leaders the insights and confidence needed to choose safer code packages, and in turn, build more secure applications at speed.”
Additional key features of Dustico include:
- Powered by highly advanced machine learning models, Dustico automatically detects abnormal behaviors in code packages and checks IOCs against multiple threat intelligence feeds to provide accurate and advanced detection of attackers’ activity (TTPs).
- Dustico’s technology is engineered to fetch packages for analysis as soon as they are published online, giving development teams a faster and more streamlined user experience.
- With Dustico being natively integrated into the Checkmarx platform, developers will benefit from a frictionless user experience via direct integrations into their CI and build systems.
Tzachi Zornstain, Co-Founder and CEO, Dustico, said: “We founded Dustico to help organizations cope with the explosion in supply chain and dependency attacks and fortify their trust in open source software, and we’re thrilled to join Checkmarx to further execute on this vision and bring our capabilities to a global set of customers.”
Industry News
Opsera announced a new Leadership Dashboard capability within Opsera Unified Insights.
Cycloid announced the introduction of Components, a new management layer enabling a modular, structured approach to managing cloud resources within the Cycloid engineering platform.
ServiceNow unveiled the Yokohama platform release, including ServiceNow Studio which provides a unified workspace for rapid application development and governance.
Sonar announced the upcoming availability of SonarQube Advanced Security.
ScaleOut Software introduces generative AI and machine-learning (ML) powered enhancements to its ScaleOut Digital Twins™ cloud service and on-premises hosting platform with the release of Version 4.
Kurrent unveiled a developer-centric evolution of Kurrent Cloud that transforms how developers and dev teams build, deploy and scale event-native applications and services.
ArmorCode announced the launch of two new apps in the ServiceNow Store.
Parasoft(link is external) is accelerating the release of its C/C++test 2025.1 solution, following the just-published MISRA C:2025 coding standard.
GitHub is making GitHub Advanced Security (GHAS) more accessible for developers and teams of all sizes.
ArmorCode announced the enhanced ArmorCode Partner Program, highlighting its goal to achieve a 100 percent channel-first sales model.
Parasoft(link is external) is showcasing its latest product innovations at embedded world Exhibition, booth 4-318(link is external), including new GenAI integration with Microsoft Visual Studio Code (VS Code) to optimize test automation of safety-critical applications while reducing development time, cost, and risk.
JFrog announced general availability of its integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
CloudCasa by Catalogic announce an integration with SUSE® Rancher Prime via a new Rancher Prime Extension.
MacStadium(link is external) announced the extended availability of Orka(link is external) Cluster 3.2, establishing the market’s first enterprise-grade macOS virtualization solution available across multiple deployment options.