Synopsys enhances Polaris Software Integrity Platform with fAST offerings
Synopsys has launched the Fast Application Security Testing (fAST) offerings that represent the latest capabilities and features of the Polaris Software Integrity Platform.
Synopsys fAST Static and Synopsys fAST SCA enable DevOps teams to quickly find and fix vulnerabilities in their proprietary code and open source dependencies through a single fully integrated SaaS platform.
Underpinned by modern cloud architecture and scalable multi-tenant SaaS delivery, Polaris makes it easy for developers to onboard and start scanning code in minutes while enabling security teams to track testing activities and manage risk across thousands of applications.
“Today, development, DevOps and security teams of all sizes need a fully integrated and automated solution that combines multiple testing technologies, reduces complexity, and matches the pace of modern DevSecOps,” said Jason Schmitt, GM of the Synopsys Software Integrity Group.
“With Polaris, we are delivering a no-compromise application security platform that unifies proven, best-of-breed technologies into an integrated SaaS platform that can scale with them and is supported by the established industry leader,” Schmitt added.
The latest enhancements to the Polaris Software Integrity Platform accelerate development, DevOps and security team workflows by enabling them to:
Perform static application security testing (SAST) and software composition analysis (SCA) through a single platform
Synopsys fAST Static and Synopsys fAST SCA are built on top of Synopsys’ Coverity and Black Duck analysis engines, accelerating the accurate detection of vulnerabilities in source code and open source software in a single click—with no configuration required.
The multi-threaded analysis of Synopsys fAST Static allows customers to run incremental scans that are 5-10 times faster than a full scan with no loss of accuracy, while Synopsys fAST SCA provides teams with detailed analyses of open source vulnerabilities.
The result is a combined view of issues at the application level that speeds up risk mitigation.
Build security into DevOps through simplified integrations and automation
Seamless out-of-the-box integrations make it easy to connect Polaris to Jenkins and Jira Cloud, as well as the GitHub, GitLab and Azure DevOps code repositories. Teams can onboard users and applications quickly across the entire organization, and easily automate scans based on defined schedules, or as part of any CI workflow.
They can also define security policies to trigger alerts or halt builds when vulnerabilities are found, and built-in reporting and analytics enable actionability that streamlines remediation workflows and tracks progress across applications and teams.
Manage application security risk at enterprise scale
The multi-tenant SaaS delivery of the Polaris Software Integrity Platform includes elastic capacity and concurrent scanning across projects and scan types to minimize time-to-results, and easily scales to thousands of applications to meet the demands of large enterprise development organizations.
For security teams, the platform’s integrated vulnerability analysis tooling helps identify application security hotspots across the entire software portfolio in real-time in an intuitive dashboard that displays vulnerability severity and type across applications, projects and test types.
Additionally, Polaris offers triage services that enlist Synopsys’ application security experts to review static analysis results and remove false positives, thus dramatically improving the efficiency, accuracy and actionability of those scans—while also ensuring that failed and misconfigured scans don’t disrupt pipelines or developer workflows.
According to Gartner, 80% of security and risk management leaders are now looking to consolidate their security spending with fewer vendors. The analyst firm notes that “across multiple security domains, security technology convergence is accelerating driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security.”