DEVOPSdigest

Synopsys has been named by Gartner, Inc. as a Leader in the Magic Quadrant for Application Security Testing for the third consecutive year.

In the report, Gartner evaluated 11 application security testing vendors based on their completeness of vision and ability to execute. Synopsys was positioned highest for ability to execute and the furthest to the right for completeness of vision.

According to the authors of the report, "Gartner has observed that the major driver in the evolution of the AST market is the need to support enterprise DevOps initiatives. In a DevOps environment, customers require offerings that provide a higher degree of automation, correlation of findings and integration with DevOps pipeline tools. In general, clients desire solutions that focus on high-assurance, high-value findings with fast turnaround times. Buyers expect offerings to fit earlier in the development process with testing often driven by developers rather than security specialists, and tightly integrated as part of the build and release process."

"AST solutions must be fast, automated, and integrated into the development pipeline in order to effectively manage application security risk in modern DevOps environments," said Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. "At the same time, they need to produce high-fidelity results that facilitate prioritized and efficient remediation efforts to avoid unwanted friction with developers. We believe Gartner's continued recognition of Synopsys as a Leader in application security testing validates our strategy and ability to address these customer needs."

Over the past year, Synopsys has introduced several new offerings and enhancements to its software security portfolio:

- Synopsys introduced the Polaris Software Integrity Platform, a new cloud-based platform brings the power of Synopsys Software Integrity products and services together into an integrated solution that enables security and development teams to build secure, high-quality software faster.

- Synopsys introduced the Code Sight IDE plugin, a key component of the Polaris Software Integrity Platform, that extends the power of Synopsys' solutions to the developers' native work environment, enabling them to easily find and fix security vulnerabilities in their code as they write.

- Synopsys released the redesigned Seeker interactive application security testing (IAST) solution to further enable DevSecOps and continuous delivery of secure web applications.

- Synopsys released two major updates to the Coverity static application security testing (SAST) solution to boost scalability and expand coverage for new programming languages and frameworks.

- Synopsys integrated the Black Duck software composition analysis (SCA) solution into the portfolio; Black Duck SCA is the only solution capable of identifying open source across source code, binaries, code snippets, software packages, and containers.