Synopsys is focused on helping AppSec teams with broad and deep application security vulnerability coverage, while also enabling developers to find and fix issues quickly at the early stages of the software development life cycle (SDLC). This includes both open source and custom code, because to the developer, it’s all just code—they need to know what’s vulnerable and what can be done about it. Everything else is just noise.
In June 2021, Synopsys announced cloud-native coverage for Terraform, Kubernetes, and CloudFormation, as well as new microservices configuration checkers. Output formats for SARIF and JSON make for easy actionability, and GitHub and GitLab support enable scans on pull request automation, including policy definitions. Check out this blog post for more insight.
Synopsys also announced the general availability of the Black Duck Rapid Scan feature in June 2021. SAST and SCA are the one-two AST punch developers require. With Black Duck Rapid Scan, developers gain early insight into dependency risk, using the Detect CLI or CI/CD tools such as Jenkins and GitLab. Developers gain immediate insight into vulnerabilities with scalable results—more than 30,000 scans per day. Scans can be performed before a code commit or on pull requests, and full multifactor scans that produce a complete software Bill of Materials can be run again later. This provides the right mix of speed and depth for organizations using Black Duck.