Software Integrity Blog


Synopsys named a leader in static application security testing

We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories.

Coverity static analysis is the highest-ranked solution in both the current offering and strategy categories. Within the current offering category, Synopsys also received the highest scores in the criteria of rule management and software development life cycle (SDLC) integration. Within the strategy category, Synopsys received not only the highest score, but the highest score possible in the execution road map criterion. Synopsys is also among the highest-scoring vendors in the market approach and training criteria.

“As the foundational component of our Software Integrity Platform, we believe Synopsys Static Analysis has not only continued to deliver the value customers expect from an enterprise SAST tool—it has also evolved to address emerging trends in software like the shift to more rapid and iterative development workflows and the increasingly diverse ecosystem of programming languages, frameworks, and toolchains.”

—Andreas Kuehlmann, senior vice president and general manager, Synopsys Software Integrity Group

Coverity static analysis

Coverity static analysis is a comprehensive SAST platform that identifies defects in code and provides accurate and actionable remediation guidance. It helps firms reduce risk and lower project cost by identifying defects earlier in the software development life cycle (SDLC). In addition to its accuracy and speed of analysis, Coverity static analysis is optimized for use in DevOps environments and CI/CD workflows, with strong integration support for a wide range of development tools.

Based on patented techniques, a decade of research and development, and the analysis of over 10 billion lines of proprietary and open source code, Coverity static analysis provides full path coverage. Enable your developers to effectively build security into the SDLC, minimizing time spent triaging a large volume of false-positive results. Learn more about Coverity static analysis.

Code Sight IDE plugin

Code Sight is much more than a testing tool—it’s also a teaching tool that helps developers write secure code in real time. This lightweight IDE plugin automatically detects common defects as code is written, so your developers can fix each issue as it arises. Code Sight also teaches secure coding practices and improves developer productivity by identifying defects, explaining issues, and providing just-in-time contextual guidance for developers to resolve problems.

The Code Sight solution automatically scans code inside your IDE and provides remediation guidance tailored to your coding language. By improving developer security awareness, your firm can deliver more secure software faster. Learn more about Code Sight.

“Security pros need SAST tools to enable developers. Companies have traditionally used SAST tools late in the software development life cycle (SDLC) to scan products for vulnerabilities in proprietary code. Now, SAST vendors are trying to serve new users as security pros demand that their products give developers early remediation advice throughout the SDLC.”

—The Forrester Wave™: Static Application Security Testing, Q4 2017
