We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories.
Synopsys Static Analysis (Coverity) is the highest-ranked solution in both the current offering and strategy categories. Within the current offering category, Synopsys also received the highest scores in the criteria of rule management and software development life cycle (SDLC) integration. Within the strategy category, Synopsys received not only the highest score, but the highest score possible in the execution road map criterion. Synopsys is also among highest scoring vendors in the market approach and training criteria.
“As the foundational component of our Software Integrity Platform, we believe Synopsys Static Analysis has not only continued to deliver the value customers expect from an enterprise SAST tool—it has also evolved to address emerging trends in software like the shift to more rapid and iterative development workflows and the increasingly diverse ecosystem of programming languages, frameworks, and toolchains.”
Senior vice president and general manager
Synopsys Software Integrity Group
Synopsys Static Analysis (Coverity) is a comprehensive SAST platform that identifies defects in code and provides accurate and actionable remediation guidance. It helps firms reduce risk and lower project cost by identifying defects earlier in the software development life cycle (SDLC). In addition to its accuracy and speed of analysis, Synopsys Static Analysis is optimized for use in DevOps environments and CI/CD workflows, with strong integration support for a wide range of development tools.
Based on patented techniques, a decade of research and development, and the analysis of over 10 billion lines of proprietary and open source code, Synopsys Static Analysis provides full path coverage. Enable your developers to effectively build security into the SDLC, minimizing time spent triaging a large volume of false-positive results.
Synopsys SAST in IDE (SecureAssist) is much more than a testing tool—it’s also a teaching tool that helps developers write secure code in real time. This lightweight static analysis tool automatically detects common defects as code is written, so your developers can fix each issue as it arises. Synopsys SAST in IDE also teaches secure coding practices and improves developer productivity by identifying defects, explaining issues, and providing just-in-time contextual guidance for developers to resolve problems.
The Synopsys SAST in IDE solution automatically scans code inside your IDE and provides remediation guidance tailored to your coding language. By improving developer security awareness, your firm can deliver more secure software faster.
“Security pros need SAST tools to enable developers. Companies have traditionally used SAST tools late in the software development life cycle (SDLC) to scan products for vulnerabilities in proprietary code. Now, SAST vendors are trying to serve new users as security pros demand that their products give developers early remediation advice throughout the SDLC.”
—The Forrester Wave™: Static Application Security Testing, Q4 2017