Synopsys named a leader in the 2023 Gartner Magic Quadrant
Synopsys has announced that it has been named by Gartner as a Leader in the ‘Magic Quadrant for Application Security Testing’ for the seventh consecutive year. [1]
In the report, Gartner evaluated 12 application security testing vendors based on their completeness of vision and ability to execute. Synopsys placed highest in ability to execute and furthest on completeness of vision for the fifth year in a row.
Synopsys also received the highest scores for all five Use Cases in the ‘2023 Critical Capabilities for Application Security Testing,’ a report that complements the Magic Quadrant and scores the same 12 vendors across these five common use cases [2]:
- Cloud-native applications
- Mobile and client
- Software supply chain security
As the speed and complexity of development increase and high-impact application security breaches become more frequent, security and development teams are looking to integrate and automate effective application security testing (AST) as part of their software development activities.
According to the authors of the report: "Modern application design, the shift to the cloud and the accelerating adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders can meet tighter deadlines and test more complex applications by integrating and automating AST in the software life cycle."
"As recent highly publicised vulnerabilities and software supply chain attacks have shown, application security is both critical and complex," said Jason Schmitt, General Manager of the Synopsys Software Integrity Group. "To effectively mitigate risks in modern applications and their supply chains, organisations need to employ multiple security testing solutions that are fast, scalable, easy to use, and seamlessly integrated into the SDLC. Synopsys has made significant investments over the past year to address these needs, including the acquisition of WhiteHat Security and the release of new cloud-native SAST and SCA services on the Polaris Software Integrity Platform."
"We are honoured to be recognised by Gartner as a Leader in Application Security Testing for the seventh consecutive year," Schmitt added. "We believe this acknowledges our vision and ability to execute against evolving market requirements."
Download complimentary copies of the 2023 Magic Quadrant for Application Security Testing and the 2023 Critical Capabilities for Application Security Testing to learn more.
Over the past year, the Synopsys Software Integrity Group has introduced several new offerings and enhancements that have contributed to the business unit's continued growth and leadership:
- WhiteHat Security: Synopsys acquired WhiteHat Security, a provider of application security software-as-a-service (SaaS). The addition of WhiteHat Security provides Synopsys with significant SaaS capabilities and market-segment-leading dynamic application security testing (DAST) technology to strengthen what is considered one of the industry's broadest application security testing portfolios.
- Next-generation Polaris services: Synopsys announced the general availability of two new Fast Application Security Testing (fAST) services optimised for speed and ease-of-use on Synopsys' Polaris Software Integrity Platform. Synopsys fAST Static and Synopsys fAST SCA services are built on the same powerful analysis engines at the core of Synopsys' Coverity and Black Duck solutions, integrated and delivered from the cloud via the latest version of Polaris.
- DevOps integrations: Over the past year, Synopsys has continued to optimise its application security testing solutions for developers and DevSecOps use cases, including enhancements to the Code Sight IDE plugin and a new GitHub Action for seamlessly integrating Coverity, Black Duck and Polaris into continuous integration and continuous delivery (CI/CD) workflows.
- Cloud-native AppSec: Synopsys enhanced and integrated its Rapid Scan engine across its AppSec portfolio, enabling customers to find security weaknesses and hard-coded secrets in cloud-native technologies like infrastructure-as-code templates, configuration files, and APIs. Rapid Scan supports more than 2,300 security checks and is now integrated into Code Sight, Coverity, Black Duck, Seeker, and Polaris.
- Software supply chain security: Synopsys introduced several Black Duck enhancements to help customers better understand and manage the security risks in their software supply chains. These enhancements include malicious component detection, simplified remediation for vulnerable transitive dependencies, and major improvements in scanning speed and scalability.
[1] Gartner, Inc. "Magic Quadrant for Application Security Testing" by Mark Horvath, Dale Gardner, Manjunath Bhat, Ravisha Chugh, Angela Zhao, May 17, 2023.
[2] Gartner, Inc. "Critical Capabilities for Application Security Testing" by Dale Gardner, Mark Horvath, Angela Zhao, Ravisha Chugh, Manjunath Bhat, May 17, 2023.