Software Integrity Development & DevOps Integrations | Synopsys
close search bar

Sorry, not available in this language yet

close language selection

Development and DevOps Integrations

Build security and quality into your DevOps tools and pipelines

  • SCM
  • IDE
  • Package
    manager
  • Build
    and CI
  • Binary
    repository
  • Workflow and
    notifications
  • Security
    testing
  • Vulnerability
    management
  • Production
    deployment

Source code management (SCM) integrations

AccuRev

AccuRev

GitHub

GitHub

Subversion

Subversion

Azure Repos

Azure Repos

GitLab

GitLab

Bitbucker

Bitbucket

Helix Core

Helix Core

Concurrent Versions System

Concurrent Versions System (CVS)

Mercurial

Mercurial

Integrated development environment (IDE) integrations

Android Studio

Android Studio

PhpStorm

PhpStorm

Visual Studio

Visual Studio

Eclipse IDE

Eclipse IDE

PyCharm

PyCharm

Visual Studio Code

Visual Studio Code

IBM Engineering Workflow Management

IBM Engineering Workflow Management

QNX Momentics Tool Suite

QNX Momentics Tool Suite

WebStorm

WebStorm

IntelliJ IDEA

IntelliJ IDEA

RubyMine

RubyMine

Wind River Workbench

Wind River Workbench

Package manager integrations

Bazel

Bazel

Composer

Composer

Go Module CLI

Go Module CLI

Maven

Maven

Pip

Pip

Yarn

Yarn

Bower

Bower

Comprehensive Perl Archive Network (CPAN)

Comprehensive Perl Archive Network (CPAN)

Go Vndr

Go Vndr

npm

npm

Poetry

Poetry

Yocto Project (YP)

Yocto Project (YP)

Cargo

Cargo

Conan

Conan

Gogradle

Gogradle

NuGet

NuGet

Rebar3

Rebar3

CocoaPods

CocoaPods

Conda

Conda

Lerna

Lerna

Packrat

Packrat

RubyGems

RubyGems

Build and CI integrations

AWS CodeBuild

AWS CodeBuild

CircleCI

CircleCI

GitHub Actions

GitHub Actions

SBT

sbt

Azure DevOps Server

Azure DevOps Server

Jenkins (commercial)

CloudBees Software Delivery Automation

GitLab CI

GitLab CI

TeamCity

TeamCity

Azure Pipelines

Azure Pipelines

CodeShip

CodeShip

Gradle

Gradle

Travis CI

Travis CI

Bamboo

Bamboo

Concourse

Concourse

Jenkins (open source)

Jenkins

Wind River Workbench

Wind River Studio

Binary repository integrations

Amazon Elastic Container Registry

Amazon Elastic Container Registry (ECR)

Google Container Registry

Google Container Registry

Artifactory

Artifactory

Nexus Repository

Nexus Repository

Azure Container Registry

Azure Container Registry

Docker Registry

Docker Registry

Workflow and notifications integrations

Azure Boards

Azure Boards

Slack

Slack

Bugzilla

Bugzilla

Software Package Data Exchange (SPDX)

Software Package Data Exchange (SPDX)

Jira Software

Jira Software

Microsoft Teams

Microsoft Teams

Security testing integrations

Acunetix

Acunetix

Acunetix

Aqua Cloud Native Security Platform (CNAPP)

Acunetix

Checkmarx Interactive Application Security Testing (CxIAST)

Acunetix

Clang Static Analyzer

Acunetix

Contrast Assess

Acunetix

Dependency-Track

Acunetix

Find Security Bugs

Acunetix

GDS PMD Secure Coding Ruleset

Acunetix

Gosec

Acunetix

Jlint

Acunetix

Nessus

Acunetix

NowSecure Auto

Acunetix

OWASP Zed Attack Proxy (ZAP)

Acunetix

PHP Mess Detector (PHPMD)

Acunetix

Pylint

Acunetix

SafeSQL

Acunetix

Sentinel

Acunetix

SpotBugs

Acunetix

Tenable.sc

Acunetix

Veracode Manual Penetration Testing (MPT)

Acunetix

Vex

Acunetix

Anchore Enterprise

Acunetix

Arachni

Acunetix

Checkmarx Software Composition Analysis (CxSCA)

Acunetix

Code Cracker

Acunetix

Cppcheck

Acunetix

Errcheck

Acunetix

Fortify Software Security Center

Acunetix

Gendarme

Acunetix

HCL AppScan

Acunetix

JSHint

Acunetix

Netsparker

Acunetix

NowSecure INTEL

Acunetix

Parasoft C/C++test

Acunetix

PHP_CodeSniffer

Acunetix

Qualys Vulnerability Management (VM)

Acunetix

Scalastyle

Acunetix

Snyk Container

Acunetix

sqlmap

Acunetix

ThunderScan

Acunetix

Veracode Software Composition Analysis (SCA)

Acunetix

Visual Studio Code Analysis

Acunetix

Android Studio Lint

Acunetix

Brakeman

Acunetix

Checkmarx Static Application Security Testing (CxSAST)

Acunetix

CodePeer

Acunetix

Deepfactor Developer Security

Acunetix

Error Prone

Acunetix

Fortify Static Code Analyzer

Acunetix

Gocyclo

Acunetix

Ineffassign

Acunetix

Microsoft Threat Modeling Tool

Acunetix

Nexus Lifecycle

Acunetix

NowSecure Workstation

Acunetix

Parasoft dotTEST

Acunetix

phpcs-security-audit

Acunetix

Qualys Web Application Scanning (WAS)

Acunetix

SD Elements

Acunetix

Snyk Open Source

Acunetix

Staticcheck

Acunetix

Trustwave App Scanner

Acunetix

Veracode Static Analysis

Acunetix

WhiteSource

Acunetix

AppSpider

Acunetix

Burp Suite

Acunetix

Checkstyle

Acunetix

CodeSonar

Acunetix

Dependency-Check

Acunetix

ESLint

Acunetix

Fortify WebInspect

Acunetix

Golint

Acunetix

JFrog Xray

Acunetix

Mobile Secure

Acunetix

Nmap

Acunetix

OCLint

Acunetix

Parasoft Jtest

Acunetix

Prisma Cloud

Acunetix

Retire.js

Acunetix

Security Code Scan (SCS)

Acunetix

Snyk Open Source License Compliance Management

Acunetix

Tenable.io

Acunetix

Veracode Dynamic Analysis

Acunetix

Vet

Vulnerability management integrations

Brinqa

Brinqa

ZeroNorth

ZeroNorth

Kenna Security

Kenna Security

SonarQube

SonarQube

ThreadFix

ThreadFix

Production deployment integrations

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Kubernetes (K8s)

Kubernetes (K8s)

Cloud Foundry

Cloud Foundry

Microsoft Azure

Microsoft Azure

Google Cloud

Google Cloud

Red Hat OpenShift

Red Hat OpenShift

IBM Cloud Pak for Applications

IBM Cloud Pak for Applications

VMware Tanzu

VMware Tanzu

<p>Micro Focus AccuRev is a software configuration management tool that addresses complex parallel and distributed development environments with a stream-based architecture to accelerate development and improve asset reuse.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRZWA4/accurev" target="_blank">Support community</a></li>
</ul>
<p> </p>

AccuRev
Source code management (SCM)

Micro Focus AccuRev is a software configuration management tool that addresses complex parallel and distributed development environments with a stream-based architecture to accelerate development and improve asset reuse.

Integrates with Coverity

 

<p>GitHub is a cloud-based Git repository hosting service.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a> and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LJTTGA4/github" target="_blank">Support community</a></li>
</ul>
<p> </p>

GitHub
Source code management (SCM)

GitHub is a cloud-based Git repository hosting service.

Integrates with Coverity and Intelligent Orchestration

 

<p>Subversion by Apache is an open source version control system.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRbWAO/apache-subversion-svn" target="_blank">Support community</a></li>
</ul>
<p> </p>

Subversion
Source code management (SCM)

Subversion by Apache is an open source version control system.

Integrates with Coverity

 

<p>Azure Repos by Microsoft (formerly TFS SCM) is a set of version control tools that you can use to manage your code; it includes unlimited private Git repository hosting and support for TFVC.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRkWAO/team-foundation-server-scm" target="_blank">Support community</a></li>
</ul>
<p> </p>

Azure Repos
Source code management (SCM)

Azure Repos by Microsoft (formerly TFS SCM) is a set of version control tools that you can use to manage your code; it includes unlimited private Git repository hosting and support for TFVC.

Integrates with Coverity

 

<p>GitLab is a web-based Git repository that provides free, open, and private repositories; issue-following capabilities; and wikis.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a> and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRSWA4/gitlab" target="_blank">Support community</a></li>
</ul>
<p> </p>

GitLab
Source code management (SCM)

GitLab is a web-based Git repository that provides free, open, and private repositories; issue-following capabilities; and wikis.

Integrates with Coverity and Intelligent Orchestration

 

<p>Bitbucket by Atlassian is a Git-based code hosting and collaboration tool built for teams.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a> and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LpSCGA0/bitbucket" target="_blank">Support community</a></li>
</ul>
<p> </p>

Bitbucket
Source code management (SCM)

Bitbucket by Atlassian is a Git-based code hosting and collaboration tool built for teams.

Integrates with Coverity and Intelligent Orchestration

 

<p>Helix Core version control by Perforce is enterprise-class version control software that tracks and manages changes to all your digital assets.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRnWAO/helix" target="_blank">Support community</a></li>
</ul>
<p> </p>

Helix Core
Source code management (SCM)

Helix Core version control by Perforce is enterprise-class version control software that tracks and manages changes to all your digital assets.

Integrates with Coverity

 

<p>Concurrent Versions System (CVS) is a free, client-server-based version control system that records the history of sources files and documents.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRaWAO/cvs" target="_blank">Support community</a></li>
</ul>
<p> </p>

Concurrent Versions System (CVS)
Source code management (SCM)

Concurrent Versions System (CVS) is a free, client-server-based version control system that records the history of sources files and documents.

Integrates with Coverity

 

<p>Mercurial is a free, distributed source control management tool.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDRlWAO/mercurial-hg" target="_blank">Support community</a></li>
</ul>
<p> </p>

Mercurial
Source code management (SCM)

Mercurial is a free, distributed source control management tool.

Integrates with Coverity

 

<p>Android Studio by Google provides tools for building apps on every type of Android device.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000Lm0EGAS/android-studio" target="_blank">Support community</a></li>
</ul>
<p> </p>

Android Studio
Integrated development environment (IDE)

Android Studio by Google provides tools for building apps on every type of Android device.

Integrates with Coverity

 

<p>PhpStorm by JetBrains is a PHP IDE that provides built-in tools for debugging, testing, and profiling PHP applications.</p>
<p>Integrates with Coverity (via Code Sight), <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSNWA4/phpstorm" target="_blank">Support community</a></li>
</ul>
<p> </p>

PhpStorm
Integrated development environment (IDE)

PhpStorm by JetBrains is a PHP IDE that provides built-in tools for debugging, testing, and profiling PHP applications.

Integrates with Coverity (via Code Sight), Coverity

 

<p>Microsoft Visual Studio enables you to build web, mobile, and native applications for multiple operating systems and devices with C#, C++, Node.js, F#, Python, or Visual Basic.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, Black Duck (via Code Sight), Coverity (via Code Sight), <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO340000000sspGAA/visual-studio" target="_blank">Support community</a></li>
</ul>
<p> </p>

Visual Studio
Integrated development environment (IDE)

Microsoft Visual Studio enables you to build web, mobile, and native applications for multiple operating systems and devices with C#, C++, Node.js, F#, Python, or Visual Basic.

Integrates with Code Dx, Black Duck (via Code Sight), Coverity (via Code Sight), Coverity

 

<p>The Eclipse IDE is known as a Java IDE, but also includes variants for C/C++, JavaScript/TypeScript, PHP, and more.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, Coverity (via Code Sight), Black Duck (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO340000004XzpGAE/eclipse" target="_blank">Support community</a></li>
</ul>
<p> </p>

Eclipse IDE
Integrated development environment (IDE)

The Eclipse IDE is known as a Java IDE, but also includes variants for C/C++, JavaScript/TypeScript, PHP, and more.

Integrates with Code Dx, Coverity (via Code Sight), Black Duck (via Code Sight), Coverity

 

<p>PyCharm by JetBrains is a Python IDE that brings all Python tools together in one place.</p>
<p>Integrates with Coverity (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSKWA4/pycharm" target="_blank">Support community</a></li>
</ul>
<p> </p>

PyCharm
Integrated development environment (IDE)

PyCharm by JetBrains is a Python IDE that brings all Python tools together in one place.

Integrates with Coverity (via Code Sight), Coverity

 

<p>Microsoft Visual Studio Code is a streamlined open source code editor with support for development operations like debugging, task running, and version control.</p>
<p>Integrates with Coverity (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a>, Sigma</p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000001CLbWAM/visual-studio-code" target="_blank">Support community</a></li>
</ul>
<p> </p>

Visual Studio Code
Integrated development environment (IDE)

Microsoft Visual Studio Code is a streamlined open source code editor with support for development operations like debugging, task running, and version control.

Integrates with Coverity (via Code Sight), Coverity, Sigma

 

<p>IBM Engineering Workflow Management (formerly Rational Team Concert) is a collaborative software development tool that teams use to manage all aspects of their work.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCySWAU/ibm-engineering-workflow-management" target="_blank">Support community</a></li>
</ul>
<p> </p>

IBM Engineering Workflow Management
Integrated development environment (IDE)

IBM Engineering Workflow Management (formerly Rational Team Concert) is a collaborative software development tool that teams use to manage all aspects of their work.

Integrates with Coverity

 

<p>The QNX Momentics Tool Suite by Blackberry offers an Eclipse-based IDE and command-line tools that will be familiar to anyone who’s worked with Linux.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSOWA4/momentix" target="_blank">Support community</a></li>
</ul>
<p> </p>

QNX Momentics Tool Suite
Integrated development environment (IDE)

The QNX Momentics Tool Suite by Blackberry offers an Eclipse-based IDE and command-line tools that will be familiar to anyone who’s worked with Linux.

Integrates with Coverity

 

<p>WebStorm by JetBrains is a JavaScript IDE for intelligent code completion, on-the-fly error detection, powerful navigation, and refactoring for JavaScript, TypeScript, stylesheet languages, and other popular frameworks.</p>
<p>Integrates with Black Duck (via Code Sight), Coverity (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSLWA4/webstorm" target="_blank">Support community</a></li>
</ul>
<p> </p>

WebStorm
Integrated development environment (IDE)

WebStorm by JetBrains is a JavaScript IDE for intelligent code completion, on-the-fly error detection, powerful navigation, and refactoring for JavaScript, TypeScript, stylesheet languages, and other popular frameworks.

Integrates with Black Duck (via Code Sight), Coverity (via Code Sight), Coverity

 

<p>IntelliJ IDEA by JetBrains is an IDE for JVM that helps maximize developer productivity with intelligent coding assistance and ergonomic design.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, Black Duck (via Code Sight), Coverity (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LJbZGAW/intellij" target="_blank">Support community</a></li>
</ul>
<p> </p>

IntelliJ IDEA
Integrated development environment (IDE)

IntelliJ IDEA by JetBrains is an IDE for JVM that helps maximize developer productivity with intelligent coding assistance and ergonomic design.

Integrates with Code Dx, Black Duck (via Code Sight), Coverity (via Code Sight), Coverity

 

<p>RubyMine by JetBrains is an IDE that helps Ruby on Rails developers be more productive in every aspect of Ruby/Rails project development.</p>
<p>Integrates with Coverity (via Code Sight),<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSPWA4/rubymine" target="_blank">Support community</a></li>
</ul>
<p> </p>

RubyMine
Integrated development environment (IDE)

RubyMine by JetBrains is an IDE that helps Ruby on Rails developers be more productive in every aspect of Ruby/Rails project development.

Integrates with Coverity (via Code Sight), Coverity

 

<p>Wind River Workbench is a complete suite of developer tools for software running on Wind River Systems platforms.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LoJuGAK/windriver-workbench" target="_blank">Support community</a></li>
</ul>
<p> </p>

Wind River Workbench
Integrated development environment (IDE)

Wind River Workbench is a complete suite of developer tools for software running on Wind River Systems platforms.

Integrates with Coverity

 

<p>The Bazel build system by Google helps developers build and test software of any size.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000gGYyGAM/bazel" target="_blank">Support community</a></li>
</ul>
<p> </p>

Bazel
Package manager

The Bazel build system by Google helps developers build and test software of any size.

Integrates with Black Duck

 

<p>Composer is an open source dependency manager for PHP.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSVWA4/composer" target="_blank">Support community</a></li>
</ul>
<p> </p>

Composer
Package manager

Composer is an open source dependency manager for PHP.

Integrates with Black Duck

 

<p>The Go Module CLI is used to manage Golang dependencies.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCycWAE/go-module-cli" target="_blank">Support community</a></li>
</ul>
<p> </p>

Go Module CLI
Package manager

The Go Module CLI is used to manage Golang dependencies.

Integrates with Black Duck

 

<p>Apache Maven is an open source software project management and comprehension tool that can manage a project's build, reporting, and documentation from a central piece of information.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a> and<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000009VrmWAE/maven" target="_blank">Support community</a></li>
</ul>
<p> </p>

Maven
Package manager

Apache Maven is an open source software project management and comprehension tool that can manage a project's build, reporting, and documentation from a central piece of information.

Integrates with Black Duck and Coverity

 

<p>Pip by the Python Packaging Authority (PyPA) is the open source package installer for Python that installs packages from the Python Package Index and other indexes.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000001Cl0WAE/pip" target="_blank">Support community</a></li>
</ul>
<p> </p>

Pip
Package manager

Pip by the Python Packaging Authority (PyPA) is the open source package installer for Python that installs packages from the Python Package Index and other indexes.

Integrates with Black Duck

 

<p>Yarn is an open source package manager that also functions as a project manager.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a> and<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000gH6TWAU/yarn" target="_blank">Support community</a></li>
</ul>
<p> </p>

Yarn
Package manager

Yarn is an open source package manager that also functions as a project manager.

Integrates with Black Duck and Coverity

 

<p>Bower manages web site components including frameworks, libraries, assets, and utilities.</p>
<p>Integrates with<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyoWAE/bower" target="_blank">Support community</a></li>
</ul>
<p> </p>

Bower
Package manager

Bower manages web site components including frameworks, libraries, assets, and utilities.

Integrates with Coverity

 

<p>Comprehensive Perl Archive Network (CPAN) is a large collection of Perl software and documentation.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSWWA4/cpanm" target="_blank">Support community</a></li>
</ul>
<p> </p>

Comprehensive Perl Archive Network (CPAN)
Package manager

Comprehensive Perl Archive Network (CPAN) is a large collection of Perl software and documentation.

Integrates with Black Duck

 

<p>Go Vndr is simple, open source vendoring tool for Golang.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyZWAU/go-vndr" target="_blank">Support community</a></li>
</ul>
<p> </p>

Go Vndr
Package manager

Go Vndr is simple, open source vendoring tool for Golang.

Integrates with Black Duck

 

<p>The open source npm registry is the center of JavaScript code-sharing and the largest software registry in the world.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a> and<b> </b><a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000M9e5GAC/npm" target="_blank">Support community</a></li>
</ul>
<p> </p>

npm
Package manager

The open source npm registry is the center of JavaScript code-sharing and the largest software registry in the world.

Integrates with Black Duck and Coverity

 

<p>Poetry is an open source Python packaging and dependency manager.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCylWAE/poetry" target="_blank">Support community</a></li>
</ul>
<p> </p>

Poetry
Package manager

Poetry is an open source Python packaging and dependency manager.

Integrates with Black Duck

 

<p>The Yocto Project (YP) is a Linux Foundation collaborative open source project that creates custom Linux distributions.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyjWAE/yocto" target="_blank">Support community</a></li>
</ul>
<p> </p>

Yocto Project (YP)
Package manager

The Yocto Project (YP) is a Linux Foundation collaborative open source project that creates custom Linux distributions.

Integrates with Black Duck

 

<p>Cargo by Mozilla is the Rust community’s crate registry.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyRWAU/cargo" target="_blank">Support community</a></li>
</ul>
<p> </p>

Cargo
Package manager

Cargo by Mozilla is the Rust community’s crate registry.

Integrates with Black Duck

 

<p>Conan by JFrog is an open source, decentralized, and multiplatform package manager used to create and share native binaries.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCydWAE/conan" target="_blank">Support community</a></li>
</ul>
<p> </p>

Conan
Package manager

Conan by JFrog is an open source, decentralized, and multiplatform package manager used to create and share native binaries.

Integrates with Black Duck

 

<p>Gogradle is an open source Gradle plugin that provides modern build support for Golang.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCybWAE/go-gradle" target="_blank">Support community</a></li>
</ul>
<p> </p>

Gogradle
Package manager

Gogradle is an open source Gradle plugin that provides modern build support for Golang.

Integrates with Black Duck

 

<p>NuGet is the open source package manager for .NET. </p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000009VgAWAU/nuget" target="_blank">Support community</a></li>
</ul>
<p> </p>

NuGet
Package manager

NuGet is the open source package manager for .NET. 

Integrates with Black Duck

 

<p>Rebar3 is an Erlang tool that makes it easy to create, develop, and release Erlang libraries, applications, and systems in a repeatable manner.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCykWAE/rebar3" target="_blank">Support community</a></li>
</ul>
<p> </p>

Rebar3
Package manager

Rebar3 is an Erlang tool that makes it easy to create, develop, and release Erlang libraries, applications, and systems in a repeatable manner.

Integrates with Black Duck

 

<p>CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSMWA4/cocoapods" target="_blank">Support community</a></li>
</ul>
<p> </p>

CocoaPods
Package manager

CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects.

Integrates with Black Duck

 

<p>Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux. </p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSXWA4/conda" target="_blank">Support community</a></li>
</ul>
<p> </p>

Conda
Package manager

Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux. 

Integrates with Black Duck

 

<p>Lerna is an open source tool for managing JavaScript projects with multiple packages.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyiWAE/lerna" target="_blank">Support community</a></li>
</ul>
<p> </p>

Lerna
Package manager

Lerna is an open source tool for managing JavaScript projects with multiple packages.

Integrates with Black Duck

 

<p>Packrat by Rstudio is an open source dependency management system for the R programming language.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSdWAO/packrat" target="_blank">Support community</a></li>
</ul>
<p> </p>

Packrat
Package manager

Packrat by Rstudio is an open source dependency management system for the R programming language.

Integrates with Black Duck

 

<p>RubyGems is the Ruby community’s gem hosting service.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDScWAO/rubygems" target="_blank">Support community</a></li>
</ul>
<p> </p>

RubyGems
Package manager

RubyGems is the Ruby community’s gem hosting service.

Integrates with Black Duck

 

<p>Amazon Web Services (AWS) CodeBuild is a fully managed, continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDQtWAO/awscodebuild" target="_blank">Support community</a></li>
</ul>
<p> </p>

AWS CodeBuild
Build and CI

Amazon Web Services (AWS) CodeBuild is a fully managed, continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

Integrates with Black Duck

 

<p>CircleCI by Circle Internet Services automates your development process with continuous integration in its cloud or on your own infrastructure.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDQlWAO/circleci" target="_blank">Support community</a></li>
</ul>
<p> </p>

CircleCI
Build and CI

CircleCI by Circle Internet Services automates your development process with continuous integration in its cloud or on your own infrastructure.

Integrates with Black Duck

 

<p>GitHub Actions automates all your software workflows including CI/CD to build, test, and deploy your code right from GitHub.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a>, and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSuWAO/github-actions" target="_blank">Support community</a></li>
</ul>
<p> </p>

GitHub Actions
Build and CI

GitHub Actions automates all your software workflows including CI/CD to build, test, and deploy your code right from GitHub.

Integrates with Black DuckCoverity, and Intelligent Orchestration

 

<p>sbt is an open source software build tool for building, testing, and deploying Scala and Java projects.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSjWAO/sbt" target="_blank">Support community</a></li>
</ul>
<p> </p>

sbt
Build and CI

sbt is an open source software build tool for building, testing, and deploying Scala and Java projects.

Integrates with Black Duck

 

<p>Azure DevOps Server by Microsoft enables you to share code, track work, and ship software using integrated software delivery tools that are hosted on premises.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a>, and <a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html">Seeker</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000009VySWAU/azuredevops" target="_blank">Support community</a></li>
</ul>
<p> </p>

Azure DevOps Server
Build and CI

Azure DevOps Server by Microsoft enables you to share code, track work, and ship software using integrated software delivery tools that are hosted on premises.

Integrates with Black DuckCoverity, and Seeker

 

<p>CloudBees Software Delivery Automation is a centralized solution that manages Jenkins Controllers, providing scalable security, compliance, and efficiency of Jenkins in enterprises.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a> and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSwWAO/cloudbees" target="_blank">Support community</a></li>
</ul>
<p> </p>

CloudBees Software Delivery Automation
Build and CI

CloudBees Software Delivery Automation is a centralized solution that manages Jenkins Controllers, providing scalable security, compliance, and efficiency of Jenkins in enterprises.

Integrates with Black Duck and Intelligent Orchestration

 

<p>GitLab CI automates software development workflows, reduces costs, and ensures code quality.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000009VbFWAU/gitlab-ci" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

GitLab CI
Build and CI

GitLab CI automates software development workflows, reduces costs, and ensures code quality.

Integrates with Black Duck and Intelligent Orchestration

 

<p>TeamCity by JetBrains is a general-purpose CI/CD solution that allows flexibility for many types of workflows and development practices.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDQkWAO/teamcity" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

TeamCity
Build and CI

TeamCity by JetBrains is a general-purpose CI/CD solution that allows flexibility for many types of workflows and development practices.

Integrates with Black Duck and Code Dx

 

<p>Azure Pipelines by Microsoft lets you build, test, and deploy with CI/CD, and it works with any language, platform, or cloud—including GitHub or any other Git provider.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>, <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, and <a href="https://www.synopsys.com/software-integrity/security-testing/api-security-testing.html" target="_blank">Tinfoil</a></p>
<ul>
<li><a href="https://azure.microsoft.com/en-us/services/devops/pipelines/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Azure Pipelines
Build and CI

Azure Pipelines by Microsoft lets you build, test, and deploy with CI/CD, and it works with any language, platform, or cloud—including GitHub or any other Git provider.

Integrates with Black Duck, Code Dx, and Tinfoil

 

<p>CodeShip by CloudBees is a software-as-a-service (SaaS) solution that empowers engineering teams to implement and optimize CI and CD in the cloud.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDQrWAO/codeship" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

CodeShip
Build and CI

CodeShip by CloudBees is a software-as-a-service (SaaS) solution that empowers engineering teams to implement and optimize CI and CD in the cloud.

Integrates with Black Duck

 

<p>Gradle is a build automation tool that helps teams build, automate, and deliver better software faster.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LJovGAG/gradle" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Gradle
Build and CI

Gradle is a build automation tool that helps teams build, automate, and deliver better software faster.

Integrates with Black Duck and Coverity

 

<p>Travis CI is a continuous integration platform that enables teams to test and ship applications with confidence.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LpGHGA0/travis-ci" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Travis CI
Build and CI

Travis CI is a continuous integration platform that enables teams to test and ship applications with confidence.

Integrates with Black Duck

 

<p>Bamboo by Atlassian&nbsp;for continuous integration, deployment, and delivery ties automated builds, tests, and releases together in a single workflow.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html" target="_blank">Black Duck</a>,&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/api-security-testing.html" target="_blank">Tinfoil</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MCxrWAG/bamboo" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Bamboo
Build and CI

Bamboo by Atlassian for continuous integration, deployment, and delivery ties automated builds, tests, and releases together in a single workflow.

Integrates with Black DuckCode Dx, and Tinfoil

 

<p>Concourse by VMware is an open source CI/CD platform that is flexible and can be used for many kinds of automation.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDQsWAO/concourse" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Concourse
Build and CI

Concourse by VMware is an open source CI/CD platform that is flexible and can be used for many kinds of automation.

Integrates with Black Duck

 

<p>Jenkins is an open source automation server that provides plugins to support building, deploying, and automating any project.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>, <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a>, and <a href="https://www.synopsys.com/software-integrity/security-testing/api-security-testing.html" target="_blank">Tinfoil</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LJqkGAG/jenkins" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Jenkins
Build and CI

Jenkins is an open source automation server that provides plugins to support building, deploying, and automating any project.

Integrates with Black Duck, Code Dx, Coverity, Seeker, and Tinfoil

 

<p>Wind River Studio is a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent edge systems that require security, safety, and reliability.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgnWAE/wind-river-studio" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Wind River Studio
Build and CI

Wind River Studio is a cloud-native platform for the development, deployment, operations, and servicing of mission-critical intelligent edge systems that require security, safety, and reliability.

Integrates with Coverity

 

<p>Amazon Elastic Container Registry (ECR) is a fully managed container registry that stores, manages, shares, and deploys your container images and artifacts anywhere.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSkWAO/ecr" target="_blank">Support community</a></li>
</ul>
<p> </p>

Amazon Elastic Container Registry (ECR)
Binary repository

Amazon Elastic Container Registry (ECR) is a fully managed container registry that stores, manages, shares, and deploys your container images and artifacts anywhere.

Integrates with Black Duck

 

<p>The Google Container Registry is a single place to manage Docker images, perform vulnerability analysis, and decide who can access what with fine-grained access control.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSmWAO/gcr" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Google Container Registry
Binary repository

The Google Container Registry is a single place to manage Docker images, perform vulnerability analysis, and decide who can access what with fine-grained access control.

Integrates with Black Duck

 

<p>Artifactory by JFrog is a repository manager that fully supports packages, container images, and Helm charts as they move across the entire DevOps pipeline.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDR7WAO/black-duck-artifactory-plugin" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Artifactory
Binary repository

Artifactory by JFrog is a repository manager that fully supports packages, container images, and Helm charts as they move across the entire DevOps pipeline.

Integrates with Black Duck

 

<p>The Nexus Repository by Sonatype enables you to manage binaries and build artifacts across your software supply chain.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDR8WAO/hubnexus" target="_blank">Support community</a></li>
</ul>
<p> </p>

Nexus Repository
Binary repository

The Nexus Repository by Sonatype enables you to manage binaries and build artifacts across your software supply chain.

Integrates with Black Duck

 

<p>The Azure Container Registry by Microsoft enables you to build, store, secure, scan, replicate, and manage container images and artifacts with a fully managed, geo-replicated instance of&nbsp;OCI distribution.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSlWAO/azure-container-registry" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Azure Container Registry
Binary repository

The Azure Container Registry by Microsoft enables you to build, store, secure, scan, replicate, and manage container images and artifacts with a fully managed, geo-replicated instance of OCI distribution.

Integrates with Black Duck

 

<p>The Docker Registry is a stateless, highly scalable, server-side application that stores and lets you distribute Docker images.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MD6XWAW/black-duck-docker-inspector" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Docker Registry
Binary repository

The Docker Registry is a stateless, highly scalable, server-side application that stores and lets you distribute Docker images.

Integrates with Black Duck

 

<p>Microsoft Azure Boards helps you plan, track, and discuss work across your teams.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDT4WAO/azure-boards" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Azure Boards
Workflow and notifications

Microsoft Azure Boards helps you plan, track, and discuss work across your teams.

Integrates with Black Duck

 

<p>Slack is a channel-based messaging platform that enables teams to work together more effectively while connecting all their software tools and services.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a>,&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a>, and <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSvWAO/slack" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Slack
Workflow and notifications

Slack is a channel-based messaging platform that enables teams to work together more effectively while connecting all their software tools and services.

Integrates with Intelligent OrchestrationSeeker, and Black Duck

 

<p>Bugzilla&nbsp;is server software designed to help you manage software development.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDSyWAO/bugzilla" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Bugzilla
Workflow and notifications

Bugzilla is server software designed to help you manage software development.

Integrates with Coverity

 

<p>Software Package Data Exchange (SPDX) by the Linux Foundation reduces redundant work by providing a common format for companies and communities to share important data, streamlining and improving compliance.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDT5WAO/spdx" target="_blank">Support community</a></li>
</ul>
<p> </p>

Software Package Data Exchange (SPDX)
Workflow and notifications

Software Package Data Exchange (SPDX) by the Linux Foundation reduces redundant work by providing a common format for companies and communities to share important data, streamlining and improving compliance.

Integrates with Black Duck

 

<p>The Jira Software platform by Atlassian helps teams plan, assign, track, report, and manage work.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html" target="_blank">Black Duck</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a>, <a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a>, and <a href="https://www.synopsys.com/software-integrity/security-testing/api-security-testing.html" target="_blank">Tinfoil</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO340000000tM4GAI/jira" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Jira Software
Workflow and notifications

The Jira Software platform by Atlassian helps teams plan, assign, track, report, and manage work.

Integrates with Black Duck, Coverity, Seeker, and Tinfoil

 

<p>Microsoft Teams enables you to meet, chat, call, and collaborate in one place.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDT3WAO/microsoft-teams" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Microsoft Teams
Workflow and notifications

Microsoft Teams enables you to meet, chat, call, and collaborate in one place.

Integrates with Black Duck

 

<p>Acunetix by Invicti Security is an automated web application security testing tool that audits web applications by checking for exploitable vulnerabilities.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgpWAE/acunetix" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Acunetix
Security testing

Acunetix by Invicti Security is an automated web application security testing tool that audits web applications by checking for exploitable vulnerabilities.

Integrates with Code Dx

 

<p>The Aqua Cloud Native Security Platform (CNAPP) protects your entire stack, on any cloud, across virtual machines (VMs), containers, and serverless.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgoWAE/aqua-cloud-native-security-platform" target="_blank">Support community</a></li>
</ul>
<p> </p>

Aqua Cloud Native Security Platform (CNAPP)
Security testing

The Aqua Cloud Native Security Platform (CNAPP) protects your entire stack, on any cloud, across virtual machines (VMs), containers, and serverless.

Integrates with Code Dx

 

<p>Checkmarx Interactive Application Security Testing (CxIAST) automates the detection of runtime vulnerabilities during functional testing.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgwWAE/checkmarx-interactive-application-security-testing" target="_blank">Support community</a></li>
</ul>
<p> </p>

Checkmarx Interactive Application Security Testing (CxIAST)
Security testing

Checkmarx Interactive Application Security Testing (CxIAST) automates the detection of runtime vulnerabilities during functional testing.

Integrates with Code Dx

 

<p>The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh2WAE/clang-static-analyzer" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Clang Static Analyzer
Security testing

The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.

Integrates with Code Dx

 

<p>Contrast Assess is an interactive application security testing solution that infuses software with vulnerability assessment capabilities so that security flaws are automatically identified.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh0WAE/contrast-assess" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Contrast Assess
Security testing

Contrast Assess is an interactive application security testing solution that infuses software with vulnerability assessment capabilities so that security flaws are automatically identified.

Integrates with Code Dx

 

<p>Errcheck is an open source program that searches for unchecked errors in Go programs.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh5WAE/errcheck" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Errcheck
Security testing

Errcheck is an open source program that searches for unchecked errors in Go programs.

Integrates with Code Dx

 

<p>Fortify Software Security Center by CyberRes, a Micro Focus line of business, is a suite of tightly integrated solutions that fix and prevent security vulnerabilities in applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhGWAU/fortify-software-security-center" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Fortify Software Security Center
Security testing

Fortify Software Security Center by CyberRes, a Micro Focus line of business, is a suite of tightly integrated solutions that fix and prevent security vulnerabilities in applications.

Integrates with Code Dx

 

<p>Gendarme by Mono (sponsored by Microsoft) is an open source, extensible, rule-based tool that finds problems in .NET applications and libraries.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhCWAU/gendarme" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Gendarme
Security testing

Gendarme by Mono (sponsored by Microsoft) is an open source, extensible, rule-based tool that finds problems in .NET applications and libraries.

Integrates with Code Dx

 

<p>HCL AppScan delivers scalable application security testing and risk management capabilities to help enterprises manage risk and compliance.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhKWAU/hcl-appscan" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

HCL AppScan
Security testing

HCL AppScan delivers scalable application security testing and risk management capabilities to help enterprises manage risk and compliance.

Integrates with Code Dx

 

<p>JSHint is an open source static analysis tool that detects errors and potential problems in JavaScript code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>&nbsp;and <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhOWAU/jshint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

JSHint
Security testing

JSHint is an open source static analysis tool that detects errors and potential problems in JavaScript code.

Integrates with Code Dx and Coverity

 

<p>Netsparker by Invicti is an automated, fully configurable web application security scanner that enables you to scan websites, web applications, and web services for security flaws.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhRWAU/netsparker" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Netsparker
Security testing

Netsparker by Invicti is an automated, fully configurable web application security scanner that enables you to scan websites, web applications, and web services for security flaws.

Integrates with Code Dx

 

<p>NowSecure INTEL provides third-party mobile app vetting to assess the security of any app on the Apple App Store or Google Play Store, to help you determine whether to allow the app within your environment.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhYWAU/nowsecure-intel" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

NowSecure INTEL
Security testing

NowSecure INTEL provides third-party mobile app vetting to assess the security of any app on the Apple App Store or Google Play Store, to help you determine whether to allow the app within your environment.

Integrates with Code Dx

 

<p>Parasoft C/C++test is a unified, fully integrated testing solution for C/C++ software development.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhdWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Parasoft C/C++test
Security testing

Parasoft C/C++test is a unified, fully integrated testing solution for C/C++ software development.

Integrates with Code Dx

 

<p>PHP_CodeSniffer is an open source tool for finding violations of PHP coding standards.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhZWAU/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

PHP_CodeSniffer
Security testing

PHP_CodeSniffer is an open source tool for finding violations of PHP coding standards.

Integrates with Code Dx

 

<p>Qualys Vulnerability Management (VM) provides global visibility into where IT assets are vulnerable and how to protect them.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhiWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

Qualys Vulnerability Management (VM)
Security testing

Qualys Vulnerability Management (VM) provides global visibility into where IT assets are vulnerable and how to protect them.

Integrates with Code Dx

 

<p>Scalastyle is an open source Scala-style checker that examines Scala code and indicates potential problems with it.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhlWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Scalastyle
Security testing

Scalastyle is an open source Scala-style checker that examines Scala code and indicates potential problems with it.

Integrates with Code Dx

 

<p>Snyk Container is a vulnerability management tool for container and Kubernetes security to help developers find and fix vulnerabilities in cloud-native applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhpWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Snyk Container
Security testing

Snyk Container is a vulnerability management tool for container and Kubernetes security to help developers find and fix vulnerabilities in cloud-native applications.

Integrates with Code Dx

 

<p>sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhtWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

sqlmap
Security testing

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Integrates with Code Dx

 

<p>DefenseCode ThunderScan is a static application security testing (SAST) solution that performs deep and extensive security analysis of application source code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi2WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

ThunderScan
Security testing

DefenseCode ThunderScan is a static application security testing (SAST) solution that performs deep and extensive security analysis of application source code.

Integrates with Code Dx

 

<p>Veracode Software Composition Analysis (SCA) detects open source vulnerabilities to manage open source risk.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhxWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

Veracode Software Composition Analysis (SCA)
Security testing

Veracode Software Composition Analysis (SCA) detects open source vulnerabilities to manage open source risk.

Integrates with Code Dx

 

<p>Visual Studio Code Analysis is the Microsoft Visual Studio built-in static source code analyzer for .NET and C++.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html">Code Dx</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi6WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Visual Studio Code Analysis
Security testing

Visual Studio Code Analysis is the Microsoft Visual Studio built-in static source code analyzer for .NET and C++.

Integrates with Code Dx and Coverity

 

<p>Anchore Enterprise is a complete container security workflow solution.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgrWAE/anchore-enterprise" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Anchore Enterprise
Security testing

Anchore Enterprise is a complete container security workflow solution.

Integrates with Code Dx

 

<p>Arachni is an open source web application security scanner framework that creates automated security reports for your website as it evolves.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDguWAE/arachni" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Arachni
Security testing

Arachni is an open source web application security scanner framework that creates automated security reports for your website as it evolves.

Integrates with Code Dx

 

<p>Checkmarx Software Composition Analysis (CxSCA) provides accurate, relevant, and actionable open source risk insight.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgxWAE/checkmarx-software-composition-analysis" target="_blank">Support community</a></li>
</ul>
<p> </p>

Checkmarx Software Composition Analysis (CxSCA)
Security testing

Checkmarx Software Composition Analysis (CxSCA) provides accurate, relevant, and actionable open source risk insight.

Integrates with Code Dx

 

<p>Code Cracker is an open source analyzer library for C# and Visual Basic that uses Roslyn to produce refactorings, code analysis, and more.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh1WAE/code-cracker" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Code Cracker
Security testing

Code Cracker is an open source analyzer library for C# and Visual Basic that uses Roslyn to produce refactorings, code analysis, and more.

Integrates with Code Dx

 

<p>Cppcheck is an open source static analysis tool for the C and C++ programming languages.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh9WAE/cppcheck" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Cppcheck
Security testing

Cppcheck is an open source static analysis tool for the C and C++ programming languages.

Integrates with Code Dx

 

<p>Error Prone is an open source static analysis tool for Java that can help find potential issues within the Android codebase.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhAWAU/error-prone" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Error Prone
Security testing

Error Prone is an open source static analysis tool for Java that can help find potential issues within the Android codebase.

Integrates with Code Dx

 

<p>Fortify Static Code Analyzer by CyberRes, a Micro Focus line of business, is a static application security testing tool that enables developers to find and fix security defects in real time during the coding process.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhDWAU/fortify-static-code-analyzer" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Fortify Static Code Analyzer
Security testing

Fortify Static Code Analyzer by CyberRes, a Micro Focus line of business, is a static application security testing tool that enables developers to find and fix security defects in real time during the coding process.

Integrates with Code Dx

 

<p>Gocyclo calculates cyclomatic complexities of functions in Go source code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhJWAU/gocyclo" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Gocyclo
Security testing

Gocyclo calculates cyclomatic complexities of functions in Go source code.

Integrates with Code Dx

 

<p>Ineffassign detects ineffectual assignments in Go code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhIWAU/ineffassign" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Ineffassign
Security testing

Ineffassign detects ineffectual assignments in Go code.

Integrates with Code Dx

 

<p>The Microsoft Threat Modeling Tool makes threat modeling easier for all developers through a standard notation for visualizing system components, data flows, and security boundaries.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhSWAU/microsoft-threat-modeling-tool" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Microsoft Threat Modeling Tool
Security testing

The Microsoft Threat Modeling Tool makes threat modeling easier for all developers through a standard notation for visualizing system components, data flows, and security boundaries.

Integrates with Code Dx

 

<p>Nexus Lifecycle by Sonatype is a software composition analysis tool that continuously monitors and identifies potential issues and uses your policies to automatically fix them for you.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhUWAU/nexus-lifecycle" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Nexus Lifecycle
Security testing

Nexus Lifecycle by Sonatype is a software composition analysis tool that continuously monitors and identifies potential issues and uses your policies to automatically fix them for you.

Integrates with Code Dx

 

<p>NowSecure Workstation is a preconfigured hardware and software kit that compresses mobile app vulnerability assessment down to hours and enables repeatable, standards-based testing with pre-formatted reporting.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhVWAU/nowsecure-workstation" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

NowSecure Workstation
Security testing

NowSecure Workstation is a preconfigured hardware and software kit that compresses mobile app vulnerability assessment down to hours and enables repeatable, standards-based testing with pre-formatted reporting.

Integrates with Code Dx

 

<p>Parasoft dotTEST is a C# and .NET static analysis tool that verifies C# and VB.NET code quality and checks compliance with industry and security standards.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhaWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Parasoft dotTEST
Security testing

Parasoft dotTEST is a C# and .NET static analysis tool that verifies C# and VB.NET code quality and checks compliance with industry and security standards.

Integrates with Code Dx

 

<p>The phpcs-security-audit analyzer is a set of PHP_CodeSniffer rules for finding security vulnerabilities and weaknesses in PHP code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhgWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

phpcs-security-audit
Security testing

The phpcs-security-audit analyzer is a set of PHP_CodeSniffer rules for finding security vulnerabilities and weaknesses in PHP code.

Integrates with Code Dx

 

<p>Qualys Web Application Scanning (WAS) is a robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhjWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

Qualys Web Application Scanning (WAS)
Security testing

Qualys Web Application Scanning (WAS) is a robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations.

Integrates with Code Dx

 

<p>SD Elements by Security Compass provides tailored security requirements, design advice, secure coding standards, and step-by-step testing instructions on how to build secure applications from the ground up.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhoWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

SD Elements
Security testing

SD Elements by Security Compass provides tailored security requirements, design advice, secure coding standards, and step-by-step testing instructions on how to build secure applications from the ground up.

Integrates with Code Dx

 

<p>Snyk Open Source automatically detects vulnerabilities and accelerates fixing them throughout your development process.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhuWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Snyk Open Source
Security testing

Snyk Open Source automatically detects vulnerabilities and accelerates fixing them throughout your development process.

Integrates with Code Dx

 

<p>Staticcheck is an open source linter for the Go programming language that uses static analysis to finds bugs and performance issues, offers simplifications, and enforces style rules.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhvWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Staticcheck
Security testing

Staticcheck is an open source linter for the Go programming language that uses static analysis to finds bugs and performance issues, offers simplifications, and enforces style rules.

Integrates with Code Dx

 

<p>Trustwave App Scanner automates the process of finding security vulnerabilities in web applications and services.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi1WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Trustwave App Scanner
Security testing

Trustwave App Scanner automates the process of finding security vulnerabilities in web applications and services.

Integrates with Code Dx

 

<p>Veracode Static Analysis provides fast, automated feedback to developers in the IDE and CI/CD pipeline, conducts a full policy scan before deployment, and gives clear guidance on how to find, prioritize, and fix issues fast.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.veracode.com/s/knowledgeitem/veracode-code-dx-connector-MCLDUJ4X2XEJGULMDMOD3NOQUROI" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Veracode Static Analysis
Security testing

Veracode Static Analysis provides fast, automated feedback to developers in the IDE and CI/CD pipeline, conducts a full policy scan before deployment, and gives clear guidance on how to find, prioritize, and fix issues fast.

Integrates with Code Dx

 

<p>WhiteSource software composition analysis (SCA) for security and license automates open source management workflows.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi4WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

WhiteSource
Security testing

WhiteSource software composition analysis (SCA) for security and license automates open source management workflows.

Integrates with Code Dx

 

<p>The Android Studio Lint tool by Google scans Android project sources for potential bugs.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgqWAE/android-studio-lint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Android Studio Lint
Security testing

The Android Studio Lint tool by Google scans Android project sources for potential bugs.

Integrates with Code Dx

 

<p>Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications that statically analyzes Rails application code to find security issues at any stage of development.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgvWAE/brakeman" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Brakeman
Security testing

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications that statically analyzes Rails application code to find security issues at any stage of development.

Integrates with Code Dx

 

<p>Checkmarx Static Application Security Testing (CxSAST) is a static analysis solution that identifies security vulnerabilities in custom code.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgyWAE/checkmarx-static-application-security-testing" target="_blank">Support community</a></li>
</ul>
<p> </p>

Checkmarx Static Application Security Testing (CxSAST)
Security testing

Checkmarx Static Application Security Testing (CxSAST) is a static analysis solution that identifies security vulnerabilities in custom code.

Integrates with Code Dx

 

<p>CodePeer by AdaCore is an Ada source code analyzer that detects runtime and logic errors and assesses potential bugs before program execution.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgzWAE/codepeer" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

CodePeer
Security testing

CodePeer by AdaCore is an Ada source code analyzer that detects runtime and logic errors and assesses potential bugs before program execution.

Integrates with Code Dx

 

<p>Deepfactor enables engineering teams to quickly discover and resolve security vulnerabilities, software supply chain risks, and compliance violations early in development and testing.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<p>&nbsp;</p>

Deepfactor Developer Security
Security testing

Deepfactor enables engineering teams to quickly discover and resolve security vulnerabilities, software supply chain risks, and compliance violations early in development and testing.

Integrates with Black Duck

 

<p>OWASP Dependency-Check is an open source software composition analysis (SCA) tool that detects publicly disclosed vulnerabilities within a project's dependencies.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh6WAE/dependencycheck" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Dependency-Check
Security testing

OWASP Dependency-Check is an open source software composition analysis (SCA) tool that detects publicly disclosed vulnerabilities within a project's dependencies.

Integrates with Code Dx

 

<p>ESLint is an open source static analysis tool that identifies problematic patterns in JavaScript code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh8WAE/eslint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

ESLint
Security testing

ESLint is an open source static analysis tool that identifies problematic patterns in JavaScript code.

Integrates with Code Dx

 

<p>Fortify WebInspect is an automated and configurable web application security testing tool that mimics real-world hacking techniques and attacks.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhFWAU/fortify-webinspect" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Fortify WebInspect
Security testing

Fortify WebInspect is an automated and configurable web application security testing tool that mimics real-world hacking techniques and attacks.

Integrates with Code Dx

 

<p>Golint is a linter for Go source code (deprecated).</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhLWAU/golint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Golint
Security testing

Golint is a linter for Go source code (deprecated).

Integrates with Code Dx

 

<p>JFrog Xray is a universal impact analysis product that enhances artifact security, container security, and open source software license compliance across your DevSecOps pipeline.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhMWAU/jfrog-xray" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

JFrog Xray
Security testing

JFrog Xray is a universal impact analysis product that enhances artifact security, container security, and open source software license compliance across your DevSecOps pipeline.

Integrates with Code Dx

 

<p>Mobile Secure by Data Theorem is a continuous automated security service that finds vulnerabilities and data privacy issues within mobile (iOS and Android) applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhQWAU/mobile-secure" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Mobile Secure
Security testing

Mobile Secure by Data Theorem is a continuous automated security service that finds vulnerabilities and data privacy issues within mobile (iOS and Android) applications.

Integrates with Code Dx

 

<p>Nmap (Network Mapper) is a free and open source license security scanner utility for network discovery and security auditing.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhWWAU/nmap" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Nmap
Security testing

Nmap (Network Mapper) is a free and open source license security scanner utility for network discovery and security auditing.

Integrates with Code Dx

 

<p>OCLint is an open source static analysis tool for improving quality and reducing defects by inspecting C, C++, and Objective-C code for potential problems.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhTWAU/oclint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

OCLint
Security testing

OCLint is an open source static analysis tool for improving quality and reducing defects by inspecting C, C++, and Objective-C code for potential problems.

Integrates with Code Dx

 

<p>Parasoft Jtest is an integrated Java testing tool for application software development.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhcWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Parasoft Jtest
Security testing

Parasoft Jtest is an integrated Java testing tool for application software development.

Integrates with Code Dx

 

<p>Prisma Cloud by Palo Alto Networks is a cloud-native security platform that secures infrastructure, applications, data, and entitlements across hybrid and multicloud environments.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhhWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Prisma Cloud
Security testing

Prisma Cloud by Palo Alto Networks is a cloud-native security platform that secures infrastructure, applications, data, and entitlements across hybrid and multicloud environments.

Integrates with Code Dx

 

<p>Retire.js helps you detect the use of JavaScript library versions with known vulnerabilities.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhkWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Retire.js
Security testing

Retire.js helps you detect the use of JavaScript library versions with known vulnerabilities.

Integrates with Code Dx

 

<p>Security Code Scan (SCS) is an open source static code analyzer for .NET.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhqWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

Security Code Scan (SCS)
Security testing

Security Code Scan (SCS) is an open source static code analyzer for .NET.

Integrates with Code Dx

 

<p>Snyk Open Source License Compliance Management helps you maintain a rapid development pace while remaining compliant with the open source software licenses in your projects.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhrWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Snyk Open Source License Compliance Management
Security testing

Snyk Open Source License Compliance Management helps you maintain a rapid development pace while remaining compliant with the open source software licenses in your projects.

Integrates with Code Dx

 

<p>Tenable.io container security provides visibility into the security of container images, identifying vulnerabilities, malware, and policy violations through integration with the build process.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhwWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Tenable.io
Security testing

Tenable.io container security provides visibility into the security of container images, identifying vulnerabilities, malware, and policy violations through integration with the build process.

Integrates with Code Dx

 

<p>Veracode Dynamic Analysis scans web applications, finds exploitable vulnerabilities, and addresses issues immediately.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi0WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Veracode Dynamic Analysis
Security testing

Veracode Dynamic Analysis scans web applications, finds exploitable vulnerabilities, and addresses issues immediately.

Integrates with Code Dx

 

<p>Vet examines Go source code and reports suspicious constructs.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi3WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Vet
Security testing

Vet examines Go source code and reports suspicious constructs.

Integrates with Code Dx

 

<p>AppSpider by Rapid7 is a dynamic application security testing solution that enables you to scan web and mobile applications for vulnerabilities.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgsWAE/appspider" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

AppSpider
Security testing

AppSpider by Rapid7 is a dynamic application security testing solution that enables you to scan web and mobile applications for vulnerabilities.

Integrates with Code Dx

 

<p>Burp Suite by PortSwigger is a set of tools used to penetration test web applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDgtWAE/burp-suite" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Burp Suite
Security testing

Burp Suite by PortSwigger is a set of tools used to penetration test web applications.

Integrates with Code Dx

 

<p>Checkstyle is an open source static analysis tool that checks if Java source code is compliant with specified coding rules.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh3WAE/checkstyle" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Checkstyle
Security testing

Checkstyle is an open source static analysis tool that checks if Java source code is compliant with specified coding rules.

Integrates with Code Dx

 

<p>CodeSonar by GrammaTech is a static analysis tool used to find and fix bugs and security vulnerabilities in source and binary code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh4WAE/codesonar" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

CodeSonar
Security testing

CodeSonar by GrammaTech is a static analysis tool used to find and fix bugs and security vulnerabilities in source and binary code.

Integrates with Code Dx

 

<p>OWASP Dependency-Track is an intelligent component analysis platform that enables you to identify and reduce risk in the software supply chain.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDh7WAE/dependencytrack" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Dependency-Track
Security testing

OWASP Dependency-Track is an intelligent component analysis platform that enables you to identify and reduce risk in the software supply chain.

Integrates with Code Dx

 

<p>OWASP Find Security Bugs is a SpotBugs plugin for security audits of Java web and Android applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhEWAU/find-security-bugs" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Find Security Bugs
Security testing

OWASP Find Security Bugs is a SpotBugs plugin for security audits of Java web and Android applications.

Integrates with Code Dx

 

<p>GDS PMD Secure Coding Ruleset is a set of custom rules for the PMD static analyzer that finds security weaknesses.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhBWAU/gds-pmd-secure-coding-ruleset" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

GDS PMD Secure Coding Ruleset
Security testing

GDS PMD Secure Coding Ruleset is a set of custom rules for the PMD static analyzer that finds security weaknesses.

Integrates with Code Dx

 

<p>Gosec is a Golang security checker static analysis tool that inspects source code for security problems by scanning the Go AST.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhHWAU/gosec" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Gosec
Security testing

Gosec is a Golang security checker static analysis tool that inspects source code for security problems by scanning the Go AST.

Integrates with Code Dx

 

<p>Jlint checks Java code for bugs, inconsistencies, and synchronization problems by performing data flow analysis and building the lock graph.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhNWAU/jlint" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Jlint
Security testing

Jlint checks Java code for bugs, inconsistencies, and synchronization problems by performing data flow analysis and building the lock graph.

Integrates with Code Dx

 

<p>Nessus is a vulnerability assessment solution that scans network computers for vulnerabilities.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhPWAU/nessus" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Nessus
Security testing

Nessus is a vulnerability assessment solution that scans network computers for vulnerabilities.

Integrates with Code Dx

 

<p>NowSecure Auto makes it easy to integrate security testing into your mobile software development life cycle by automating the static, dynamic, and interactive analysis of your Android and iOS apps.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhXWAU/nowsecure-auto" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

NowSecure Auto
Security testing

NowSecure Auto makes it easy to integrate security testing into your mobile software development life cycle by automating the static, dynamic, and interactive analysis of your Android and iOS apps.

Integrates with Code Dx

 

<p>OWASP Zed Attack Proxy (ZAP) is an open source web application security scanner.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDheWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

OWASP Zed Attack Proxy (ZAP)
Security testing

OWASP Zed Attack Proxy (ZAP) is an open source web application security scanner.

Integrates with Code Dx

 

<p>PHP Mess Detector (PHPMD) looks for potential quality problems within a given PHP source codebase.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhbWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

PHP Mess Detector (PHPMD)
Security testing

PHP Mess Detector (PHPMD) looks for potential quality problems within a given PHP source codebase.

Integrates with Code Dx

 

<p>Pylint is a source code, bug, and quality checker for the Python programming language.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhfWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Pylint
Security testing

Pylint is a source code, bug, and quality checker for the Python programming language.

Integrates with Code Dx

 

<p>SafeSQL is an open source static analysis tool for Go that protects against SQL injections.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhnWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

SafeSQL
Security testing

SafeSQL is an open source static analysis tool for Go that protects against SQL injections.

Integrates with Code Dx

 

<p>Sentinel by NTT Security AppSec Solutions (formerly WhiteHat Security) is a software-as-a-service platform that enables businesses to deploy a scalable application security program across the entire software development life cycle.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhmWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Sentinel
Security testing

Sentinel by NTT Security AppSec Solutions (formerly WhiteHat Security) is a software-as-a-service platform that enables businesses to deploy a scalable application security program across the entire software development life cycle.

Integrates with Code Dx

 

<p>SpotBugs is an open source program that uses static analysis to look for bugs in Java code.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html">Code Dx</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhsWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

SpotBugs
Security testing

SpotBugs is an open source program that uses static analysis to look for bugs in Java code.

Integrates with Code Dx and Coverity

 

<p>Tenable.sc consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhyWAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Tenable.sc
Security testing

Tenable.sc consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture.

Integrates with Code Dx

 

<p>Veracode Manual Penetration Testing (MPT) combines the skills of penetration testers with automated security testing scan results to reduce application risk, meet compliance requirements, and help teams understand and report on security posture.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDhzWAE/" target="_blank">Support community</a></li>
</ul>
<p> </p>

Veracode Manual Penetration Testing (MPT)
Security testing

Veracode Manual Penetration Testing (MPT) combines the skills of penetration testers with automated security testing scan results to reduce application risk, meet compliance requirements, and help teams understand and report on security posture.

Integrates with Code Dx

 

<p>Vex vulnerability explorer is a web application security scanner.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kDi5WAE/" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Vex
Security testing

Vex vulnerability explorer is a web application security scanner.

Integrates with Code Dx

 

<p>Brinqa is a unified risk management tool that enables stakeholders, governance organizations, and infrastructure and security teams to manage technology risk effectively.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html" target="_blank">Black Duck</a>&nbsp;and <a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html" target="_blank">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCypWAE/brinqa" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Brinqa
Vulnerability management

Brinqa is a unified risk management tool that enables stakeholders, governance organizations, and infrastructure and security teams to manage technology risk effectively.

Integrates with Black Duck and Coverity

 

<p>ZeroNorth brings security, DevOps, and business teams together to improve application security performance and reduce organizational risk.&nbsp;</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTBWA4/zero-north" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

ZeroNorth
Vulnerability management

ZeroNorth brings security, DevOps, and business teams together to improve application security performance and reduce organizational risk. 

Integrates with Black Duck and Coverity

 

<p>Kenna Security, part of Cisco, is modern, risk-based vulnerability management software.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTCWA4/kenna-security" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Kenna Security
Vulnerability management

Kenna Security, part of Cisco, is modern, risk-based vulnerability management software.

Integrates with Black Duck and Coverity

 

<p>SonarQube by SonarSource is a vulnerability management tool for code quality and security.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/polaris/code-dx.html" target="_blank">Code Dx</a>,&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a>, and <a href="https://www.synopsys.com/software-integrity/polaris/intelligent-orchestration.html" target="_blank">Intelligent Orchestration</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000LpLIGA0/sonarqube" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

SonarQube
Vulnerability management

SonarQube by SonarSource is a vulnerability management tool for code quality and security.

Integrates with Code DxCoverity, and Intelligent Orchestration

 

<p>ThreadFix by the Denim Group provides a comprehensive risk view from applications and their supporting infrastructure.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html">Coverity</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDREWA4/threadfix" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

ThreadFix
Vulnerability management

ThreadFix by the Denim Group provides a comprehensive risk view from applications and their supporting infrastructure.

Integrates with Black Duck and Coverity

 

<p>The Amazon Web Services (AWS) cloud computing platform provides the flexibility to launch applications regardless of use case or industry.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDT9WAO/amazon-web-services" target="_blank">Support community</a></li>
</ul>
<p> </p>

Amazon Web Services (AWS)
Production deployment

The Amazon Web Services (AWS) cloud computing platform provides the flexibility to launch applications regardless of use case or industry.

Integrates with Seeker

 

<p>Kubernetes (K8s) open source container-orchestration system that provides automated container deployment, scaling, and management.</p>
<p>Integrates with <a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO34000000QBfzGAG/kubernetes" target="_blank">Support community</a></li>
</ul>
<p> </p>

Kubernetes (K8s)
Production deployment

Kubernetes (K8s) open source container-orchestration system that provides automated container deployment, scaling, and management.

Integrates with Black Duck

 

<p>Cloud Foundry by the Cloud Native Computing Foundation (CNCF) provides a model for cloud-native application delivery on top of Kubernetes.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTJWA4/cloud-foundry" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Cloud Foundry
Production deployment

Cloud Foundry by the Cloud Native Computing Foundation (CNCF) provides a model for cloud-native application delivery on top of Kubernetes.

Integrates with Seeker

 

<p>Microsoft Azure is a cloud platform that helps you build, run, and manage applications across multiple clouds, on premises, hybrid, or at the edge, with the tools and frameworks of your choice.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTKWA4/microsoft-azure" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Microsoft Azure
Production deployment

Microsoft Azure is a cloud platform that helps you build, run, and manage applications across multiple clouds, on premises, hybrid, or at the edge, with the tools and frameworks of your choice.

Integrates with Black Duck

 

<p>Google Cloud is a suite of cloud computing services, including data management, hybrid and multicloud, and AI and ML, that consist of physical assets and virtual resources contained in Google data centers.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H0000009VqeWAE/gcp" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Google Cloud
Production deployment

Google Cloud is a suite of cloud computing services, including data management, hybrid and multicloud, and AI and ML, that consist of physical assets and virtual resources contained in Google data centers.

Integrates with Black Duck

 

<p>Red Hat OpenShift is a hybrid cloud platform that works anywhere, so you can build anything.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a>&nbsp;and&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTNWA4/red-hat-openshift" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

Red Hat OpenShift
Production deployment

Red Hat OpenShift is a hybrid cloud platform that works anywhere, so you can build anything.

Integrates with Black Duck and Seeker

 

<p>IBM Cloud Pak for Applications is an enterprise-ready, containerized software solution for modernizing existing applications and developing new cloud-native apps that run on Red Hat OpenShift.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html">Black Duck</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000kCyqWAE/ibm-cloud-pak-for-applications" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

IBM Cloud Pak for Applications
Production deployment

IBM Cloud Pak for Applications is an enterprise-ready, containerized software solution for modernizing existing applications and developing new cloud-native apps that run on Red Hat OpenShift.

Integrates with Black Duck

 

<p>VMware Tanzu is a suite of products and solutions that enables you to build, run, and manage Kubernetes-controlled, container-based applications.</p>
<p>Integrates with&nbsp;<a href="https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html" target="_blank">Seeker</a></p>
<ul>
<li><a href="https://community.synopsys.com/s/topic/0TO2H000000MDTMWA4/vmware-tanzu" target="_blank">Support community</a></li>
</ul>
<p>&nbsp;</p>

VMware Tanzu
Production deployment

VMware Tanzu is a suite of products and solutions that enables you to build, run, and manage Kubernetes-controlled, container-based applications.

Integrates with Seeker