Synopsys enables DevOps teams with latest security testing offerings
Synopsys has announced it will showcase the Fast Application Security Testing (fAST) offerings that represent the latest capabilities and features of the Polaris Software Integrity Platform at RSA Conference 2023, April 24-27 in San Francisco.
Synopsys fAST Static and Synopsys fAST SCA are designed to enable DevOps teams to quickly find and fix vulnerabilities in their proprietary code and open source dependencies through a single fully integrated SaaS platform.
Underpinned by modern cloud architecture and scalable multi-tenant SaaS delivery, Polaris aims to make it easier for developers to onboard and start scanning code, while enabling security teams to track testing activities and manage risk across thousands of applications.
Jason Schmitt, General Manager of the Synopsys Software Integrity Group, comments, "Today, development, DevOps and security teams of all sizes need a fully integrated and automated solution that combines multiple testing technologies, reduces complexity, and matches the pace of modern DevSecOps.
"With Polaris, we are delivering a no-compromise application security platform that unifies proven, best-of-breed technologies into an integrated SaaS platform that can scale with them and is supported by the established industry leader."
The latest enhancements to the Polaris Software Integrity Platform accelerate development, DevOps and security team workflows by enabling them to:
- Perform static application security testing (SAST) and software composition analysis (SCA) through a single platform. Synopsys fAST Static and Synopsys fAST SCA are built on top of Synopsys' Coverity and Black Duck analysis engines, accelerating the accurate detection of vulnerabilities in source code and open source software in a single click - with no configuration required. The multi-threaded analysis of Synopsys fAST Static allows customers to run incremental scans that are 5-10 times faster than a full scan with no loss of accuracy, while Synopsys fAST SCA provides teams with detailed analyses of open source vulnerabilities. The result is a combined view of issues at the application level that speeds up risk mitigation.
- Build security into DevOps through simplified integrations and automation. Out-of-the-box integrations make it easy to connect Polaris to Jenkins and Jira Cloud, as well as the GitHub, GitLab and Azure DevOps code repositories. Teams can onboard users and applications across the entire organisation and automate scans based on defined schedules, or as part of any CI workflow. They can also define security policies to trigger alerts or halt builds when vulnerabilities are found, and built-in reporting and analytics enable actionability that streamlines remediation workflows and tracks progress across applications and teams.
- Manage application security risk at enterprise scale. The multi-tenant SaaS delivery of the Polaris Software Integrity Platform includes elastic capacity and concurrent scanning across projects and scan types to minimise time-to-results and scales to thousands of applications to meet the demands of large enterprise development organisations. For security teams, the platform's integrated vulnerability analysis tooling helps identify application security hotspots across the entire software portfolio in real-time in an intuitive dashboard that displays vulnerability severity and type across applications, projects and test types.
Additionally, Polaris offers triage services that enlist Synopsys' application security experts to review static analysis results and remove false positives, thus improving the efficiency, accuracy and actionability of those scans, while also ensuring that failed and misconfigured scans don't disrupt pipelines or developer workflows, the company states.
According to Gartner, 80% of security and risk management leaders are now looking to consolidate their security spending with fewer vendors. The analyst firm notes that, "Across multiple security domains, security technology convergence is accelerating driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security."
The Synopsys fAST Static and Synopsys fAST SCA offerings are generally available with multiple stand-alone and combined configurations available for purchase.