Synopsys Code Sight combines SAST, SCA testing in the IDE
Synopsys’ Code Sight IDE plug-in provides capabilities for simultaneous static application security testing (SAST) and software composition analysis (SCA).
Synopsys has introduced a new application security tool that combines the best of static application security testing and software composition analysis capabilities.
The new capabilities come in the form of an update to the company’s Polaris Software Integrity Platform’s Code Sight IDE plug-in, which can reside in developers’ desktops. The combined static application security testing (SAST) and software composition analysis (SCA) capabilities will help developers find and fix bugs and security vulnerabilities in proprietary code, as well as known weaknesses in open source code at the same time, without having to leave the confines of their favorite IDE.
According to experts, while this is a positive move for developers, it is not entirely unprecedented. Blending SAST and SCA capabilities in a single platform has been done before, but usually at the expense of the robustness of one method or the other, said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y.
“In the ongoing battle to improve security in the application development environment, there are three things that are important: speed, speed and speed,” Gonsalves said. “If we’re being sincere about really wanting to bake security into development, the infosec mindset needs to move as far to the left on the timeline as possible.”
Synopsys will release the updated Code Sight plug-in on Feb. 18 and will showcase the technology at the RSA Conference 2020 in San Francisco on Feb. 24 to 28.
“Again, the real star here is speed,” Gonsalves reiterated. “Wringing vulnerabilities out of app dev as early as possible right in the IDE not only makes code more secure, it exponentially increases the efficiency of the application development lifecycle by reducing the rework required when bugs crop up late in the game.”
Written by Darryl K. Taft
> Read the entire article, Synopsys Code Sight combines SAST, SCA testing in the IDE, at techtarget.com.