Synopsys Announces First Application Security Testing Solution to Analyze Both Open Source and Proprietary Code on the Developer's Desktop

New Polaris capabilities combine SCA and SAST in the IDE, enabling developers to proactively find and fix security risks across third-party and custom components

MOUNTAIN VIEW, Calif., Feb. 12, 2020 — (PRNewswire) — Synopsys, Inc. (Nasdaq: SNPS) today announced that on Feb. 18 it will release a major update to the Polaris Software Integrity Platform to extend its static application security testing (SAST) and software composition analysis (SCA) capabilities to the developer's desktop through the native integration of the Code Sight IDE plugin. These capabilities, the first of their kind, will enable developers to proactively find and fix both security weaknesses in proprietary code and known vulnerabilities in open source dependencies simultaneously, without leaving their interactive development environment (IDE).

Synopsys will showcase these new capabilities at RSA Conference 2020, Booth S-1135, in San Francisco on Feb. 24–28. To receive a complimentary RSA Expo Pass, register using code XS0USYNOP.

"In modern development environments, security testing needs to integrate seamlessly into the developer's workflow, but it also needs to cover both proprietary and third-party code," said Simon King, vice president of solutions at the Synopsys Software Integrity Group. "By providing real-time SAST and now SCA results together in the IDE, Synopsys enables developers to detect security defects in both their own code and the open source components they leverage – as they build their applications. Developers can fix problems in real time, avoiding the risks and loss of productivity when issues are allowed to go undetected for days, weeks, or even months after they've moved on to other tasks. With this release, the native integration of the Code Sight IDE plugin enables developers to build secure, high-quality software faster."

More about the new Code Sight IDE plugin:

  • Building on the Code Sight SAST capabilities first introduced in 2019, this release introduces the ability to analyze declared and transitive open source dependencies, flagging components with known security issues alongside SAST findings in the IDE.
  • With the new SCA capabilities, developers can review known vulnerabilities of flagged components to verify the risk and determine remediation options, all without leaving the IDE. 
  • The Code Sight plugin provides vulnerability information from Black Duck Security Advisories (BDSAs), researched by Synopsys, as well as public CVE records from the National Vulnerability Database (NVD).
  • BDSAs provide developers with more timely, accurate, and thorough risk and remediation information than is available in the NVD, helping them find and fix vulnerabilities faster and more effectively than other solutions.
  • The Code Sight plugin also helps developers quickly identify and select the best fix for vulnerabilities by providing detailed remediation guidance, directing them to more secure component versions. Developers can then implement fixes at once, without interrupting their workflow or leaving the IDE.
  • In addition to vulnerability information, the Code Sight plugin provides other information developers can use to optimize component selection, including open source license risks and potential security and license compliance violations of the organization's predefined open source policies.

To learn more, read the blog post.

About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.

Editorial Contacts:

Mark Van Elderen
Synopsys, Inc.
650-793-7450
mark.vanelderen@synopsys.com

 

Cision View original content: http://www.prnewswire.com/news-releases/synopsys-announces-first-application-security-testing-solution-to-analyze-both-open-source-and-proprietary-code-on-the-developers-desktop-301003577.html

SOURCE Synopsys, Inc.

Contact:
Company Name: Synopsys, Inc.
Web: https://www.synopsys.com/
Financial data for Synopsys, Inc.




Review Article Be the first to review this article
Aldec

 Advanced Asembly

Featured Video
Latest Blog Posts
Bob Smith, Executive DirectorBridging the Frontier
by Bob Smith, Executive Director
You’re Invited! SEMI’s Innovation for a Transforming World
intelThe Dominion of Design
by intel
The Long Game: Product and Security Assurance
Anupam BakshiAgnisys Automation Review
by Anupam Bakshi
Setting a High Standard for Standards-Based IP
Jobs
SerDes Applications Design Engineer for Xilinx at San Jose, California
Test and Measurement System Architect for Xilinx at San Jose, California
Sr Engineer - RF/mmWave IC Design for Global Foundaries at Santa Clara, California
Principle Engineer (Analog-Mixed-Signal Implementation) for Global Foundaries at Santa Clara, California
Technical Product Manager- SISW-EDA 238452 for Siemens AG at Fremont, California
Senior HID Sensor Algorithm Architect for Apple Inc at Cupertino, California
Upcoming Events
Join Chipx2021 - at Tel Aviv Expo convention center Tel Aviv Israel - Jun 21 - 22, 2021
Innovation for a Transforming World -virtual Event at United States - Jul 13 - 14, 2021
DesignCon 2021 at San Jose McEnery Convention Center San Jose, CA San Jose CA - Aug 16 - 18, 2021
SEMICON Southeast Asia 2021 Hybrid Event at Setia SPICE Convention Centre Penang Malaysia - Aug 23 - 27, 2021



© 2021 Internet Business Systems, Inc.
670 Aberdeen Way, Milpitas, CA 95035
+1 (408) 882-6554 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering TechJobsCafe - Technical Jobs and Resumes GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy PolicyAdvertise