Synopsys recently achieved the Premier Tier in the CloudBees Partner Program for the alignment of its AST portfolio with CloudBees Core. The partnership aims to deliver the best of both worlds to customers adopting DevOps: CI/CD optimization and AST automation. With CloudBees Core on modern cloud platforms, you can add Synopsys tools—Coverity, Black Duck, and Seeker—to your pipelines with minimal friction. The secret is in the agents that run the tasks. By predefining agents with the tools required to run static application security testing, software composition analysis, and interactive application security testing, we can combine the power of Kubernetes with the management of CloudBees Core to orchestrate the use of these tools as part of your SDLC.
This blog post is the first in a series that will showcase how an organization using CloudBees Core and Synopsys AST offerings can implement Coverity, Black Duck, and Seeker into its pipelines to increase its software security posture while maintaining the speed of application delivery that CloudBees Core enables. Consider the following pipeline, which builds a basic application on CloudBees Jenkins: