MOUNTAIN VIEW, Calif.,
May 4, 2021 /PRNewswire/ -- Synopsys,
Inc. (Nasdaq: SNPS) today announced it will showcase the
Software Integrity Group's new Intelligent Orchestration solution
at RSA Conference on May
17th - 20th. Intelligent Orchestration
is a dedicated application security automation pipeline, optimized
for speed and efficiency, that ensures the right security tests are
performed at the right time. Intelligent Orchestration, which runs
in parallel to build and release pipelines, utilizes innovative
technology to automatically determine and initiate the most
appropriate security tests, including static (SAST), dynamic
(DAST), interactive (IAST), and software composition analysis
(SCA), based on pre-defined risk policies and changes made to an
application.
As the pace and complexity of software development increases,
security and development teams in all industries have recognized
that integrating and automating security testing within their
development toolchains and workflows is essential. However, they
often find that doing this can slow development pipelines and
overwhelm development teams with large volumes of testing results,
many of which do not require immediate attention.
The concepts and technology behind Intelligent Orchestration
were developed and refined through years of experience helping
customers navigate these challenges, including a Fortune 500
financial services company undergoing a significant digital
transformation effort:
"Testing your business-critical applications for security
vulnerabilities is essential, but when it comes to producing
actionable results and earning developers' trust in a DevOps
environment, the tests you don't run can be equally as important as
the tests you do run," said the director of application security
for the financial services client. "Avoiding extraneous testing
cycles and prioritizing the critical vulnerabilities that present
the most risk to your organization is key to embracing the benefits
of DevSecOps. We worked closely with Synopsys as they developed
their Intelligent Orchestration solution to address the DevSecOps
bottlenecks we were grappling with."
Intelligent Orchestration provides the following capabilities
and benefits:
- Dedicated "continuous security" pipeline
Intelligent
Orchestration is a dedicated continuous integration (CI) pipeline
that runs in parallel to build and release pipelines to perform
necessary application security tests.
- Seamless integration with existing pipelines and development
toolchains
Intelligent Orchestration does not require build
and release pipelines to be reimplemented. Instead, it easily
integrates with CI pipelines via simple API calls. In
addition, extensible DevOps integrations enable teams to
incorporate application security tests performed by Synopsys tools
as well as open source and third-party tools, and deliver results
via the development, risk management, and issue tracking tools they
already use.
- Ensures the right tests are run at the right
time
Teams can define their application security
policies as code, specifying rules for security analysis,
notification, and remediation. Using innovative technology,
Intelligent Orchestration then uses that policy to evaluate code
changes and other SDLC events to intelligently trigger the
appropriate security tests, maximizing velocity by performing only
the tests that are needed when they are needed.
- Delivers the right information to the right teams
Intelligent Orchestration optimizes and standardizes application
security reporting across the gamut of security testing tools.
Results are automatically filtered and prioritized based on risk
and delivered directly within the development and defect tracking
tools development teams already use, preventing "vulnerability
overload" and enabling teams to achieve the maximum risk impact at
minimum cost.
- Automates the workflow for manual or out-of-band testing
activities
Intelligent Orchestration policies can also
trigger manual security activities such as penetration tests,
through defect tracking systems and communication channels,
enabling security teams to coordinate security compliance with
development workflows.
"Every organization embracing DevOps encounters friction when
they integrate and automate security testing into their DevOps
environments," said Jason Schmitt,
general manager of the Synopsys Software Integrity Group.
"Automating the enforcement of application security policies across
your portfolio and managing high volumes of security testing
results, while trying to keep pace with the accelerating speed of
development, can be a daunting task. These challenges are precisely
what Intelligent Orchestration is designed to address. Through
policy-driven intelligence, automation, and extensive integrations,
Intelligent Orchestration streamlines security testing programs
based on risk and continuous iteration."
To learn more or to schedule a demo, visit the Intelligent
Orchestration webpage, read the blog post, or register for the
webinar on May 26, 2021.
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group helps development teams build
secure, high-quality software, minimizing risks while maximizing
speed and productivity. Synopsys, a recognized leader in
application security, provides static analysis, software
composition analysis, and dynamic analysis solutions that enable
teams to quickly find and fix vulnerabilities and defects in
proprietary code, open source components, and application behavior.
With a combination of industry-leading tools, services, and
expertise, only Synopsys helps organizations optimize security and
quality in DevSecOps and throughout the software development life
cycle. Learn more at www.synopsys.com/software.
About Synopsys
Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™
partner for innovative companies developing the electronic products
and software applications we rely on every day. As an S&P 500
company, Synopsys has a long history of being a global leader in
electronic design automation (EDA) and semiconductor IP and offers
the industry's broadest portfolio of application security testing
tools and services. Whether you're a system-on-chip (SoC) designer
creating advanced semiconductors, or a software developer writing
more secure, high-quality code, Synopsys has the solutions needed
to deliver innovative products. Learn more at www.synopsys.com.
Editorial Contact:
Mark Van
Elderen
Synopsys, Inc.
650-793-7450
mark.vanelderen@synopsys.com
View original
content:http://www.prnewswire.com/news-releases/synopsys-to-showcase-new-application-security-orchestration-solution-at-rsa-conference-301283273.html
SOURCE Synopsys, Inc.