Software Integrity Blog

CloudBees and Synopsys: Putting ‘Sec’ into DevSecOps

CloudBees Core users can add Synopsys AST offerings to their pipelines to boost their software security posture without slowing down application delivery.

CloudBees Core: Bridging Dev and Ops into DevOps

DevOps is often synonymous with faster releases, fewer failures, improved teamwork and communication, and an overall increase in IT efficiency that reduces costs. These benefits appeal to both developers and operations teams, and in response, organizations are embracing culture change and processes that bring these once-isolated teams together. As many organizations have come to find out, sometimes the hard way, DevOps transformation is as much about creating a process and adopting a mindset as it is about acquiring the right tools. The best way to ensure your DevOps initiative is successful is to engage with the right vendor partners and tap into their expertise in helping other companies realize this change.

Enter CloudBees Core. Born from CloudBees’ experience supporting and helping organizations implement DevOps practices around Jenkins, CloudBees Core is an end-to-end continuous software delivery system that helps administrators manage installations that keep growing as teams, projects, and jobs multiply, while getting professional support on Jenkins. The result is a centrally managed CI/CD service with a self-service experience for engineering teams that need access to a wide range of tools. Not only does it make Jenkins easy to adopt and scale, but it also simplifies the implementation of application security testing (AST) in development pipelines.

“There is great synergy between CloudBees and Synopsys solutions. Within CloudBees Core, Coverity and Black Duck perform security scanning on proprietary and open source code during CI stages, then support policy enforcement during CD stages. Together, CloudBees and Synopsys deliver DevSecOps faster time to value,” said Francois Dechery, chief strategy officer and co-founder at CloudBees.

Synopsys recently achieved the Premier Tier in the CloudBees Partner Program for the alignment of its AST portfolio with CloudBees Core. The partnership aims to deliver the best of both worlds to customers adopting DevOps: CI/CD optimization and AST automation. With CloudBees Core on modern cloud platforms, you can add Synopsys tools—Coverity, Black Duck, and Seeker—to your pipelines with minimal friction. The secret is in the agents that run the tasks. By predefining agents with the tools required to run static application security testing, software composition analysis, and interactive application security testing, we can combine the power of Kubernetes with the management of CloudBees Core to orchestrate the use of these tools as part of your SDLC.

This blog post is the first in a series that will showcase how an organization using CloudBees Core and Synopsys AST offerings can integrate Coverity, Black Duck, and Seeker into its pipelines to increase its software security posture while maintaining the speed of application delivery that CloudBees Core enables. Consider the following pipeline, which builds a basic application on CloudBees Jenkins:

[Figure: Pipeline to build a basic application on CloudBees Jenkins]

CloudBees + Synopsys

We’ll be bringing Coverity, Black Duck, and Seeker to CI/CD workflows using Jenkins with CloudBees Core. We’re very excited about this partnership and the value that our joint customers will be able to realize when they bring together release automation by CloudBees and security testing automation by Synopsys. Stay tuned!

If you can’t wait, and you want to see the solution in action now, reach out to Synopsys at partner-solutions@synopsys.com and ask us how you can implement and automate AST as part of your SDLC today!
