Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software.
Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security. This achievement underscores Code Dx’s leadership as an application security orchestration and correlation (ASOC) solution, providing organizations with a way to centralize and automate the most labor-intensive parts of software security—risk assessment, triage, and remediation.
“Synopsys Code Dx uniquely addresses the industry’s need for scalability in application security, working within CI/CD pipelines to consolidate and prioritize issues across the SDLC,” said Victor Ng, editor-in-chief for CybersecAsia. “Code Dx’s robust correlation logic can consume hundreds of findings from siloed and varied AST tools, eliminate duplicate and false-positive results, and provide holistic insight into software business risk. Importantly, Code Dx helps security and development teams cut down AppSec noise and focus their efforts on high-impact remediation activities. We congratulate Synopsys Code Dx for winning the CybersecAsia Reader’s Choice Award 2021 for Best in Application Development Security.”
CybersecAsia is the leading reader’s choice awards program that recognizes Asia’s cybersecurity trailblazers for driving notable advancements and innovations in the industry. Backed by Asia’s most trusted source of cybersecurity information, CybersecAsia.net, the awards recognize organizations that deliver solutions capable of scaling to the large and complex security risks created by the increasing accessibility of applications and data.
Code Dx is a platform that offers an efficient way to perform test execution, results correlation, and remediation tracking across a multitude of application security testing (AST) tools. It helps organizations accelerate their existing AppSec programs by eliminating the pipeline friction and vulnerability overload that result from integrating AppSec into automated DevOps.
The key to how Code Dx enhances the speed and effectiveness of AppSec programs is its correlation engine, which aggregates, deduplicates, and correlates results from all scanning tools (static, dynamic, commercial, and open source) to create a system of record and manage vulnerabilities. Code Dx can perform hybrid analysis, which enables the correlation of SAST and DAST/IAST results, provides visibility into how findings can be exploited by known threats, and identifies test cases for those findings. With Code Dx, security and DevOps teams can prioritize issues based on a risk score calculated from the business criticality of the affected software and the exploitability and severity of a given vulnerability.
Code Dx also helps reduce the time it takes to triage testing results, one of the most time-consuming parts of the security process. Code Dx Triage Assistant leverages machine learning to recommend which findings to act on and which to ignore, based on prior triage decisions. It provides analysts with information on which findings are most important so they can filter by status or score, enabling them to focus on high-priority items and remove irrelevant findings from the results set.
Applications are becoming a prime target for cyberattacks, spurring increased investment in AST tooling. In a recent ESG study on application security trends, roughly two-thirds of respondents were already using over a dozen AST tools, yet 60% had experienced an exploited application security issue within the last year. Integrating so many AST tools within CI/CD tool chains and across all pipelines can be a complex and time-consuming undertaking, and it can increase the risk of breaking existing builds and release pipelines. Additionally, the speed of existing DevOps production cycles is often slowed down by security processes. Development teams responsible for remediation are forced to sort through an overwhelming volume of findings across disparate reporting sources or custom-built data lakes, with no ability to prioritize relevant and meaningful issues.
Shifting security left requires an agile approach to conducting security analysis, policy execution, and remediation workflow. When used in conjunction with Intelligent Orchestration by Synopsys, Code Dx offers a way for organizations to shift left by digitally transforming their AppSec program. Code Dx and Intelligent Orchestration work together to standardize the end-to-end processes for orchestration, testing, and remediation; prioritize critical security testing and findings; and implement policies as code. Both solutions support commonly used tools and issue-trackers within the DevOps framework, and don’t slow down development velocity or break builds—and they fit seamlessly within your existing CI/CD pipeline. These capabilities help teams cut down on security backlogs, increase team productivity, and importantly, help organizations realize the full value of their AppSec program.
“Security is often challenged to keep pace with DevOps, and the pressure of keeping up with release cycles increases the organization’s risk of a breach. What organizations need is a solution that makes security more scalable with automation. Code Dx mitigates your risk of a breach while helping you to be faster and more agile. It correlates and prioritizes security findings across your application security testing tools,” said Geok Cheng Tan, senior director of sales at Synopsys.
Natasha is a senior security solutions manager for Integrated Application Security at Synopsys. She has over eight years of experience in the cybersecurity and enterprise networking space. Prior to Synopsys, Natasha was with ServiceNow, where she drove product marketing initiatives for ServiceNow Security Operations, a SOAR platform for incident and vulnerability management. She has also held various roles in product marketing and software product management at Imperva and A10 Networks.