DEVOPSdigest

Synopsys announced the general availability of Code Sight Standard Edition, a standalone version of the Code Sight plugin for integrated development environments (IDE) that enables developers to quickly find and fix security defects in source code, open source dependencies, infrastructure-as-code files, and more before they commit their code.

Code Sight Standard Edition leverages Synopsys' Rapid Scan Static and Rapid Scan SCA technology to provide fast, lightweight application security analysis in the developer's IDE, preventing costly rework caused by issues discovered later in the software development lifecycle (SDLC).

By enabling developers to fix security defects as they are coding, Code Sight Standard Edition reduces the load on downstream security testing and minimizes costly rework to fix issues discovered after developers have moved on to other projects. Code Sight Standard Edition, which is currently available for the Visual Studio Code IDE, works independently of centralized security testing tools like Coverity SAST and Black Duck SCA, which are typically used later in the SDLC. Developers can download and install Code Sight directly from the VS Code Marketplace and start analyzing their code in less than five minutes. Code Sight Standard Edition is available for free for a 30-day trial period.

"In the age of modern software development, speed is king and software risk equates to business risk," said Jason Schmitt, GM of the Synopsys Software Integrity Group. "That means developers shoulder a tremendous responsibility in protecting their organizations and they do not have the luxury of time to stop and scan. Equipping them with technology that helps them write more secure code from the outset can dramatically reduce the amount of time spent fixing open source and code security defects later in the SDLC. However, these benefits can't be achieved if developers are forced to change the way they work or switch back and forth between different tools. Code Sight is unique because it embeds market-leading open source and code analysis technology, optimized for the speed requirements of developers, all directly within the tool they are already using."