Polaris fAST services are fast, powerful, and easy-to-use cloud-based application security testing, optimized for DevSecOps.
Fast. These days, it can be hard for us to agree on much of anything. But one thing that seems to unite us all is that when we want something, we want it now. And we need it fast.
Fast is definitely top-of-mind for anybody producing software. Delivery schedules are constantly being compressed, so anything that reduces the time for developer tasks is a good thing. But in software development, fast isn’t simply about the speed at which a particular function is performed. It’s also about
For development teams, fast translates into simplicity, scalability, and power, as well as speed.
With these needs in mind, today we are announcing the general availability of two new SaaS offerings, Polaris fAST Static and fAST SCA. Polaris fAST (fast application security testing) services are built on the same powerful analysis engines at the core of our market-leading products, integrated and delivered from the cloud via the latest version of our Polaris Software Integrity Platform®.
Many teams have transitioned to cloud-based solutions for their development toolchains, from source code management, to build and integration, to packaging and delivery. The benefits of cloud-based solutions are well-known – lower costs, greater agility, and improved ease-of-use.
While these teams may also want to realize these same benefits for their AST tools, until now, most cloud-based AST platforms have required them to compromise on one or more of their core requirements. A platform that is easy to use might not offer sufficient power and capabilities to effectively identify security issues in complex applications. One that offers speed at small scale may not have the ability to grow to enterprise scale. And often, teams find that most cloud-based AST platforms are strong in static application security testing (SAST) but weaker in software composition analysis (SCA), or vice versa.
Our goal with Polaris is to provide teams with a no-compromise SaaS AST solution, and these new Polaris fAST services deliver on that goal. Polaris fAST Static uses the same fast and accurate analysis engines as Synopsys Coverity® SAST, the market-leader in SAST, which provide broad language support and fast incremental analysis that has been proven at scale in the world’s largest software development projects. Polaris fAST SCA helps teams stay ahead of their software supply chain risks by providing the same comprehensive open source knowledgebase and Black Duck® Security Advisories used in our market-leading SCA solution Black Duck.
With Polaris, teams don’t have to choose between a SAST tool that is fast, scalable, and covers the variety of languages and frameworks they use, and an SCA tool that gives them an accurate view of their open source risks with security advisories that are more timely, accurate, and actionable than the National Vulnerability Database (NVD). They get both. And they get them in a unified SaaS platform that is both easy for their team to use today and can scale to whatever capacity they need in the future.
Integration and automation define modern software development. Developer actions in the IDE, source code manager (SCM), and bug-tracking system trigger build, test, package, and deploy activities automated by their continuous integration (CI) system. Any tool that doesn’t fit seamlessly into this DevSecOps ecosystem creates friction, which can result in teams missing deadlines or skipping tests to keep on schedule.
Polaris offers DevOps integrations that enable teams to automate security testing with their existing workflows and tools. You can schedule recurring security scans that will automatically pull code from GitHub or GitLab repo for analysis. Or you can trigger scans based on events in Jenkins CI workflows. Teams can also upload code directly through the Polaris UI for ad hoc tests.
Polaris also streamlines vulnerability triage and remediation workflows by providing policies that can automatically notify teams or “break the build.” And Jira integration makes it easy to assign issues to developers for remediation.
Development teams carry the bulk of the responsibility for application security testing, triage, and vulnerability remediation, but the responsibility for overall AppSec program coverage and success generally falls to security teams, especially in midsize to large organizations. Polaris helps these teams monitor and manage testing across their organization with built-in reports and dashboards, giving them insights into
As an easy-to-use SaaS platform, Polaris is ideal for smaller organizations and teams that may have few, if any, experienced application security analysts on staff. To help these teams get the most out of Polaris and keep things running smoothly, Synopsys offers a number of value-added services. These include
So even if your team is small, our team has you covered.
Polaris and the Polaris fAST services are constantly improving. We’ll be adding new fAST services to the platform in the months to come, as well as advanced policy management, enhanced vulnerability prioritization, expanded integrations, and improved dashboarding and reporting capabilities.
With all these changes the best way to learn more about Polaris is to see it for yourself. Click the button below to schedule a time for a live demo.
Patrick is the Senior Director of Product Marketing for Synopsys Software Integrity Group where he is laser focused on bringing solutions to market that help development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity.