Next-gen Polaris software integrity simplifies app security testing, says Synopsys
At next week’s RSA Conference (24-27 April), Synopsys will show how the latest Fast Application Security Testing (fAST) capabilities of its Polaris Software Integrity Platform simplify application security testing for development, security and operations (DevSecOps) teams at any scale.
Synopsys fAST Static and Synopsys fAST SCA (software composition analysis) enable DevOps teams to quickly find and fix vulnerabilities in their proprietary code and open source dependencies through a single, integrated SaaS (software as a service) platform, said the company.
Underpinned by modern cloud architecture and scalable multi-tenant SaaS delivery, Polaris makes it easy for developers to onboard and start scanning code in minutes while enabling security teams to track testing activities and manage risk across thousands of applications.
The latest enhancements to the Polaris Software Integrity Platform streamline workflows by running static application security testing (SAST) and SCA through a single platform. Synopsys fAST Static and Synopsys fAST SCA are built on Synopsys’ Coverity and Black Duck analysis engines, respectively, and are intended to detect vulnerabilities in proprietary source code and open source software from a single click with no configuration required. According to Synopsys, the multi-threaded analysis in fAST Static lets customers run incremental scans that are five to 10 times faster than a full scan with no loss of accuracy, while fAST SCA gives teams detailed analyses of open source vulnerabilities. The result, the company said, is a combined view of issues at the application level that speeds up risk mitigation.
The platform lets users build security into DevOps through simplified integrations and automation. Polaris connects to Jenkins and Jira Cloud, as well as to GitHub, GitLab and Azure DevOps repositories. Scans can be automated on defined schedules or as part of any continuous integration (CI) workflow, and users can define security policies that trigger alerts or halt builds when vulnerabilities are found. Built-in reporting and analytics are intended to streamline remediation workflows and track progress across applications and teams.
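The build-gating behaviour described above (a policy that alerts on some severities and fails the build on others, while honouring triaged false positives and optionally considering only findings new since a baseline scan) is shown here as an added, generic example. It is not Polaris code and does not use the Polaris API or report format; the findings structure, identifiers and file locations are constructed for the illustration.

```python
"""Generic severity-policy build gate (added example; not Polaris code).

The Finding shape and the sample findings below are constructed for this
illustration and are not Polaris's report schema.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, Iterable, List, Tuple

# Ordered severity scale; anything not in the table is treated as critical
# (fail closed) so that an unexpected label cannot silently pass the gate.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    tool: str        # "sast" or "sca" (constructed values)
    severity: str    # low / medium / high / critical
    identifier: str  # rule id or advisory id (constructed values)
    location: str    # source location or package coordinate (constructed)


@dataclass
class Policy:
    fail_at: str = "high"     # fail the build at or above this severity
    alert_at: str = "medium"  # alert (but do not fail) at or above this severity
    ignore_ids: FrozenSet[str] = field(default_factory=frozenset)  # triaged false positives
    new_only: bool = False    # only consider findings absent from the baseline


@dataclass
class Decision:
    passed: bool
    blocking: List[Finding]
    alerts: List[Finding]


def _rank(severity: str) -> int:
    """Map a severity label to its rank, failing closed on unknown labels."""
    return SEVERITY_RANK.get(severity.lower(), SEVERITY_RANK["critical"])


def evaluate(findings: Iterable[Finding], policy: Policy,
             baseline: Iterable[Finding] = ()) -> Decision:
    """Apply the policy to a scan's findings and return the gate decision.

    A finding is keyed by (identifier, location) for baseline comparison, so a
    known issue that moves to a new file counts as new.
    """
    baseline_keys: set[Tuple[str, str]] = {(f.identifier, f.location) for f in baseline}
    blocking: List[Finding] = []
    alerts: List[Finding] = []
    for f in findings:
        if f.identifier in policy.ignore_ids:
            continue  # triaged as a false positive
        if policy.new_only and (f.identifier, f.location) in baseline_keys:
            continue  # already known from the baseline scan
        rank = _rank(f.severity)
        if rank >= _rank(policy.fail_at):
            blocking.append(f)
        elif rank >= _rank(policy.alert_at):
            alerts.append(f)
    return Decision(passed=not blocking, blocking=blocking, alerts=alerts)


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("sast", "high", "EXAMPLE-SQLI", "src/db.py:42"),
    Finding("sca", "critical", "EXAMPLE-ADVISORY-1", "pkg:pypi/examplelib@1.0.0"),
    Finding("sast", "medium", "EXAMPLE-XSS", "src/views.py:10"),
    Finding("sast", "low", "EXAMPLE-STYLE", "src/util.py:3"),
]


def summarize(decision: Decision) -> str:
    """One-line summary suitable for a CI log."""
    status = "PASS" if decision.passed else "FAIL"
    return f"{status}: {len(decision.blocking)} blocking, {len(decision.alerts)} alerts"


if __name__ == "__main__":
    import sys
    decision = evaluate(SAMPLE_FINDINGS, Policy())
    print(summarize(decision))
    for f in decision.blocking:
        print(f"  BLOCK {f.severity:<8} {f.identifier} at {f.location}")
    for f in decision.alerts:
        print(f"  ALERT {f.severity:<8} {f.identifier} at {f.location}")
    sys.exit(0 if decision.passed else 1)
```

Run as a script it exits non-zero on a blocking finding, which is how a CI step would halt the build; the `new_only` option is the natural pairing for incremental scans, where only regressions since the last full scan should break a pipeline.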
To manage application security risk at enterprise scale, the multi-tenant SaaS delivery of the Polaris Software Integrity Platform provides elastic capacity and concurrent scanning across projects and scan types to minimise time to results. Synopsys said it scales to thousands of applications to meet the demands of large enterprise development organisations.
For security teams, the platform’s integrated vulnerability analysis tooling helps identify application security hotspots across the software portfolio in real time, through a dashboard that shows vulnerability severity and type across applications, projects and test types.
Polaris also offers a triage service in which Synopsys’ application security experts review static analysis results and remove false positives, to improve the efficiency, accuracy and actionability of those scans. Synopsys said the service also ensures that failed and misconfigured scans do not disrupt pipelines or developer workflows.
The Synopsys fAST Static and Synopsys fAST SCA tools are generally available with multiple stand-alone and combined configurations available for purchase.
Visit Synopsys at the RSA Conference in the South Hall, Moscone Center, booth 1135, San Francisco, California, USA (24 – 27 April 2023).