Black Duck® scans your projects and containers for open source, either as source or as binaries, helping you manage security vulnerabilities and licensing risks before they become problems. It enables you to review and prioritize vulnerabilities, assign remediation dates, and track closure. Black Duck also checks the licenses for risk levels and verifies use against company policies. After the scan, Black Duck continuously monitors for new vulnerabilities reported against open source libraries in use within your applications, enabling you to quickly respond to newly identified vulnerabilities.
Code Sight™ is an IDE plug-in that helps developers address security defects in real time as they code, so they can quickly find and fix security risks in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) files before code commit and integration.
Coverity® finds critical defects and security vulnerabilities in software during development, before it reaches customers. It helps developers save time by finding issues early, and helps manage risk to enable better release decisions. Coverity supports over a dozen programming languages and a broad range of defect and vulnerability types.
Defensics® is a comprehensive, powerful, and automated black box solution that enables you to effectively and efficiently discover and remediate security weaknesses in software. By taking a systematic and intelligent approach to negative testing, Defensics allows you to ensure software security without compromising on product innovation, increasing time to market, or inflating operational costs.
Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. Learners have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design, and storytelling into an intuitive platform.
The Polaris Software Integrity Platform® is an integrated, cloud-based application security testing solution optimized for the needs of development and DevSecOps teams. Polaris brings our market-leading security analysis engines together in a unified platform, giving teams the flexibility to run different tests at different times based on application, project, schedule, or SDLC events.
Seeker®, our interactive application security testing (IAST) solution, gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). Seeker’s seamless integration into CI/CD workflows enables fast IAST at DevOps speed.
Software Risk Manager
Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.
WhiteHat™ Dynamic is a SaaS dynamic application security testing (DAST) solution that identifies readily exploitable vulnerabilities in web applications. WhiteHat Dynamic is production-safe and can be run continuously to help teams find vulnerabilities before hackers do.