Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Simplifying AppSec Results with Synopsys Software Risk Manager

The challenge: Consolidate vulnerability reporting across AST tools

“My role is to identify, understand, and communicate threats and mitigations in order to help our development teams protect CGI software,” said Rajesh Subramani, application security engineer at CGI. “CGI uses a variety of tools for application management, including an application portfolio management solution, an open source code quality analysis tool, a cloud-native application protection platform, and several others.”

CGI isn’t unusual in its use of multiple application security testing (AST) tools. A report by the Enterprise Strategy Group, “Cracking the Code of DevSecOps,” notes that over 70% of enterprises are using more than 10 AST solutions.

“Within our U.S. application security testing scope, we have well over 100 software projects underway,” Subramani continued. “With that many projects in development through deployment, all being examined by a spectrum of security testing tools, it was important that we start getting consolidated reports with results in one place.”

There was more than one business priority driving CGI’s decision to provide a single, consolidated view of security-related information from its AST tools. It needed to understand how effective its AppSec tools actually are, as well as gain complete visibility into process and performance across teams. And CGI development and operations teams wanted a centralized view of all issues so they could identify the security activities that have the most impact. Those whose focus is on security, such as Subramani, wanted to be able to identify and prioritize critical issues quickly.

The solution CGI selected to answer those business priorities was Software Risk Manager.

The solution: Simplify AppSec management with Software Risk Manager

Supporting over 125 integrations with security testing tools, Software Risk Manager is a unified, on-premises application security posture management (ASPM) solution that enables security and development teams to prioritize risk and focus on what matters most to them.

Software Risk Manager brings together policy, orchestration, correlation, and built-in static application security testing (SAST) and software composition analysis (SCA) engines to integrate security activities intelligently and consistently across the software development life cycle.

With Software Risk Manager, security and development teams can make informed security decisions from a single source of truth. By connecting security data, software resources, policies, and insights, CGI can make quick, informed decisions to immediately bolster its security posture.

Software Risk Manager is the only ASPM solution to offer industry-leading, built-in engines for SAST and SCA to quickly achieve source code and open source testing, and onboard necessary scanning with little disruption to existing pipelines. Software Risk Manager also provides contextual risk scoring of vulnerabilities and escalates critical issues, pushing these defects to developers directly within the tools they use. And it provides support for bidirectional syncing with issue-tracking systems. With centralized policy management, Software Risk Manager can define, enforce, and track adherence to policies that set criteria for testing, triage, and remediation.

The results: A complete picture of security risks

“We’ve found Software Risk Manager very helpful with static code analysis, since it uses the same SAST engine that powers Coverity® static analysis,” said Subramani. “I concentrate mainly on security issues—how well we’re performing against benchmarks such as the OWASP Top 10 and SANS Top 25.”

“One of the things I like about Software Risk Manager is its ability to filter out everything except what is important to you. It can produce information from the AST tools on everything related to the code they’re scanning—code quality and code “smell,” for instance. But if what you want is a strict focus on security vulnerabilities, Software Risk Manager will provide a laser focus on that and only that. Noise was an issue we had with several of the tools we use; that is, they throw out data in quantity, and it’s easy for the information you’re looking for to get lost in the noise. Software Risk Manager answers that problem.”

“Synopsys and Software Risk Manager have provided the results we’re looking for,” Subramani continued. “We can get results from all the tools we use consolidated into one place, and get the results filtered down to only the information we need. We found Software Risk Manager easy to configure, and its dashboard provides a great user experience. I’ve been very satisfied with the results we’ve seen.”

We can get results from all the tools we use consolidated into one place, and get the results filtered down to only the information we need."

Rajesh Subramani, application security engineer

CGI

Download the PDF

Company overview

Founded in 1976, CGI is one of the world’s largest IT and business consulting services firms, delivering end-to-end services and solutions. CGI consultants partner with clients in large enterprises and public sector agencies around the world to help them advance their business and technology strategies. CGI was recognized in 2023 by TIME magazine as one of the world’s best companies based on its achievements in the areas of employee satisfaction, revenue growth, and sustainability.

CGI has used Synopsys Software Risk Manager (formerly Code Dx) since 2018 within its U.S. business to integrate its security activities across over 100 software projects. Software Risk Manager is an on-premises application security posture management solution that enables security and development teams to simplify and strengthen their application security programs.

Resources to manage your AppSec risk at enterprise scale

Software Vulnerability Snapshot

Learn about the 10 most common web and software app vulnerabilities

Download the report

Build software security initiative in 5 steps

Manage your AppSec Risk

Get actionable insight to manage your software risk

Download the eBook

BSIMM14 Trends and Insights Report

Get the trends and recommendations to help improve your software security program

Download the report

Improve your AppSec program TCO and risk posture

Three steps to consolidate your effort, insight, and tools

Download the guide