Synopsys to showcase Polaris Software Integrity platform

Synopsys fAST Static and Synopsys fAST SCA enable DevOps teams to quickly find and fix vulnerabilities in their proprietary code and open source dependencies through a single fully integrated SaaS platform.

Underpinned by modern cloud architecture and scalable multi-tenant SaaS delivery, Polaris makes it easy for developers to onboard and start scanning code in minutes while enabling security teams to track testing activities and manage risk across thousands of applications.

"Today, development, DevOps and security teams of all sizes need a fully integrated and automated solution that combines multiple testing technologies, reduces complexity, and matches the pace of modern DevSecOps," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "With Polaris, we are delivering a no-compromise application security platform that unifies proven, best-of-breed technologies into an integrated SaaS platform that can scale with them and is supported by the established industry leader."

The latest enhancements to the Polaris Software Integrity Platform accelerate development, DevOps and security team workflows by enabling them to:

• Perform static application security testing (SAST) and software composition analysis (SCA) through a single platform. Synopsys fAST Static and Synopsys fAST SCA are built on top of Synopsys' Coverity and Black Duck analysis engines, accelerating the accurate detection of vulnerabilities in source code and open source software in a single click – with no configuration required. The multi-threaded analysis of Synopsys fAST Static allows customers to run incremental scans that are 5—10x faster than a full scan with no loss of accuracy, while Synopsys fAST SCA provides teams with detailed analyses of open-source vulnerabilities. The result is a combined view of issues at the application level that speeds up risk mitigation.
• Build security into DevOps through simplified integrations and automation. Seamless out-of-the-box integrations make it easy to connect Polaris to Jenkins and Jira Cloud, as well as the GitHub, GitLab, and Azure DevOps code repositories. Teams can onboard users and applications quickly across the entire organisation, and easily automate scans based on defined schedules, or as part of any CI workflow. They can also define security policies to trigger alerts or halt builds when vulnerabilities are found, and built-in reporting and analytics enable actionability that streamlines remediation workflows and tracks progress across applications and teams.
• Manage application security risk at enterprise scale. The multi-tenant SaaS delivery of the Polaris Software Integrity Platform includes elastic capacity and concurrent scanning across projects and scan types to minimise time-to-results, and easily scales to thousands of applications to meet the demands of large enterprise development organisations. For security teams, the platform's integrated vulnerability analysis tooling helps identify application security hotspots across the entire software portfolio in real-time in an intuitive dashboard that displays vulnerability severity and type across applications, projects, and test types.

Additionally, Polaris offers triage services that enlist Synopsys' application security experts to review static analysis results and remove false positives, thus dramatically improving the efficiency, accuracy, and actionability of those scans – while also ensuring that failed and misconfigured scans don't disrupt pipelines or developer workflows.

According to Gartner(1), 80% of security and risk management leaders are now looking to consolidate their security spending with fewer vendors. The analyst firm notes that "across multiple security domains, security technology convergence is accelerating driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security."

The Synopsys fAST Static and Synopsys fAST SCA offerings are generally available with multiple stand-alone and combined configurations available for purchase.

Those attending RSA Conference 2023 can get a first-hand look at Polaris and speak with a Synopsys representative in the South Hall.