Synopsys Acquires Code Dx
June 08, 2021

Synopsys has acquired Code Dx, a provider of an application security risk management solution that automates and accelerates the discovery, prioritization, and remediation of software vulnerabilities.

The addition of Code Dx enables Synopsys to offer customers consolidated risk reporting and prioritization across correlated software vulnerability data produced by Synopsys solutions and more than 75 third-party and open source application security and development products. Headquartered in Northport, New York, the acquisition also adds a team of R&D engineers experienced in vulnerability correlation and integrating security testing activity across the entire software development pipeline.

The terms of the deal, which are not material to Synopsys' financials, are not being disclosed.

Prior to the acquisition, Code Dx was a member of the Synopsys Technology Alliance Partner (TAP) program. As part of that partnership, Synopsys has worked closely with Code Dx to support their integrations within the Synopsys product portfolio. As a result, customers can use Code Dx's offering in conjunction with Synopsys products immediately.

Synopsys provides a broad portfolio of application security solutions in the industry, including static, dynamic, and interactive application security testing and software composition analysis. The recently introduced Synopsys Intelligent Orchestration solution uses innovative technology to automatically determine and initiate the most appropriate security tests using Synopsys and third-party products based on pre-defined risk policies and changes made to an application. Code Dx complements and extends these solutions by aggregating and correlating security testing results from Synopsys products, third-party products, and open-source products across the pipeline to provide consolidated risk reporting and facilitate prioritized remediation efforts.

"The complexity and speed of modern software development requires the use of multiple security testing technologies and rapid testing cycles," said Jason Schmitt, GM of the Synopsys Software Integrity Group. "While robust security testing is vital to securing modern software, it often produces large amounts of vulnerability data that is difficult to manage at speed and at scale. Code Dx enables our customers to optimize and harness the breadth of our application security portfolio, along with third-party tools, by aggregating, correlating, and prioritizing security testing results based on risk."

The addition of Code Dx makes Synopsys the first vendor to provide the full spectrum of application security tools and services, including:

- A complete suite of industry-leading security testing tools

- An intelligent orchestration engine that automatically determines and initiates the appropriate tests for each step in the DevOps workflow

- An aggregation, correlation, and prioritization solution for the vulnerabilities identified during testing

- Consolidated application security risk reporting across any commercial and open-source application security solutions

- Consulting and managed services to align people, process, and technology and address application security risks holistically

The extensibility of Synopsys Intelligent Orchestration and Code Dx enables organizations to build more efficient and effective testing programs while leveraging their current investments in application security testing tools.

Share this

Industry News

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.

January 25, 2023

Tricentis announced the general availability of Tricentis Test Automation, a cloud-based test automation solution that simplifies test creation, orchestration, and scalable test execution for easier collaboration among QA teams and their business stakeholders and faster, higher-quality, and more durable releases of web-based applications and business processes.

January 24, 2023

Harness announced the acquisition of Propelo.

January 23, 2023

Couchbase announced its Couchbase Capella Database-as-a-Service (DBaaS) offering on Azure.

January 23, 2023

Mendix and Software Improvement Group (SIG) have announced the release of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to immediately address risks and vulnerabilities.

January 23, 2023

Trunk announces the public launch of CI Analytics.

January 23, 2023

Panaya announced a new Partnership Program in response to ongoing growth within its partner network over the past year.

January 23, 2023

Cloudian closed $60 million in new funding, bringing the company’s total funding to $233 million.

January 19, 2023

Progress announced the R1 2023 release of Progress Telerik and Progress Kendo UI.

January 19, 2023

Wallarm announced the early release of the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.

January 19, 2023

ThreatModeler launched Threat Model Marketplace, a cybersecurity asset marketplace offering pre-built, field-tested threat models to be downloaded — free for a limited time — and incorporated into new and ongoing threat modeling initiatives.

January 18, 2023

Software AG has launched new updates to its webMethods platform that will simplify the process by which developers can find, work on and deploy new APIs and integration tools or capabilities.