Posted by Dave Meurer on Tuesday, March 26th, 2019
Synopsys partners with an extensive team to help all our customers build secure, high-quality software faster. Meet the latest superhero: the Polaris platform.
The excitement from the Feb. 25 announcement of the Polaris Software Integrity Platform™ continues to grow. One area attracting a lot of attention is the way Polaris integrates with our rich ecosystem of partners. Polaris provides value to our partners by combining the power of Synopsys Software Integrity products in an integrated, easy-to-use solution. The platform enables our partners’ customers to build secure, high-quality software faster.
Polaris integrations span the entire DevOps landscape, from the developer IDE and build systems to container orchestration and cloud deployment platforms. Integration points are available for both the instantiation of scans and the consumption of results. One way to instantiate scans is through the Detect connector, which unifies Synopsys scans under one umbrella. Consuming results is also very straightforward through Polaris REST APIs.
Polaris also integrates with stand-alone Black Duck instances. This means that all our customers’ current Black Duck implementations and integrations continue to hold value and provide benefits in the Polaris platform.
Let me explain a bit more about how Polaris integrates into each DevOps stage:
Here at Synopsys, we believe application security should be tightly integrated into the development and deployment tools our customers use today. That belief was top of mind when we were designing and building Polaris.
The set of Synopsys partners is diverse, spanning the DevOps landscape. Polaris provides each type of partner with a similar but slightly different value proposition and integration strategy. I want to highlight each one separately:
Our dev tool partners provide the leading IDE, repository, CI/CD, and collaboration development tools. We want integration of application security into these tools to be easy for our customers. The Polaris platform provides a single integration point for multiple application security capabilities. Our AppSec offerings include static analysis (SAST), software composition analysis (SCA), and interactive application security testing (IAST). Imagine being able to connect all three through one command line tool. Think how easy it would be to get the results of all three scans through one REST API.
Synopsys has built and maintained over 50 partner solutions over the past two years. So we have a proven track record of building world-class integrations with our partners for our customers. Polaris provides a unique opportunity for us to evolve integrated application security in an easy and unified way with our partners.
Polaris was built for the cloud. So Synopsys and our cloud partners can bring unified enterprise application security capabilities to our joint customers. This is true whether they’re already in the cloud or are planning to move workloads to the cloud. Polaris reduces barriers to cloud entry because it provides cloud-based application security tooling, helping to alleviate security concerns.
There are two key points to note for our cloud partnerships. First, Polaris is cloud-native and runs on Kubernetes. So our joint customers have great options for deployment in their private cloud or on-premises. Second, we’ll keep developing our current cloud development tool integrations—such as AWS CodeBuild, Google Cloud Build, and OpsSight for Kubernetes—to ensure they continue to provide value in the Polaris platform.
At first glance, it may seem as if Polaris overlaps with our vulnerability management partners. On the contrary, Polaris provides a much more complementary solution to vulnerability management tools than first meets the eye.
Polaris unifies specific application security functions. But other security-related capabilities are not within the purview of the platform. These include network security and authorization. Synopsys values our vulnerability management partnerships because together, we can further broaden the security intelligence for our joint customers. Also, the Polaris platform simplifies the onboarding process for vulnerability management customers. Now they have only one plugin to set up for SAST, SCA, and dynamic analysis instead of three or more.
Integration for our vulnerability management partners is simple and works exactly the same as for our development tool partners. See the details above regarding Detect and the Polaris reporting REST APIs.
Polaris enables our GSI partners in a couple of ways that differ from how it enables our other partners. All the same benefits and integrations discussed above hold true. They’re just integrated into our GSI partners’ on-demand application services and consulting expertise in DevOps, containers, and security.
OK, I may not be an actual superhero, but I gotta tell ya: I feel like I am when I assemble all our great Synopsys partners to continue developing solutions on the Polaris platform and to build new ones. Although it’s the end for some superhero teams, it’s just the beginning for unified, best-of-breed enterprise application security from Synopsys and our partners.