The increasing pace of development is shifting the responsibility for application security left, all the way onto the developer’s desktop. But dealing with security issues detected in downstream builds and tests can be very disruptive. By the time defects are reported, developers have moved on to their next tasks. To remediate a problem, they have to interrupt what they are doing and go back, reopen the code, make a fix, and retest. To make matters worse, they also need to leave their primary tool, the IDE (integrated development environment), to analyse the issue and determine potential fixes. All this tool and context switching kills developer productivity.
To address these issues, Synopsys has released new capabilities for its Polaris Software Integrity Platform, features that fundamentally change the way developers detect, analyse, and remediate security risks during development. These new capabilities, the first of their kind in the market, enable developers to proactively find and fix both security weaknesses in proprietary code and known vulnerabilities in open source dependencies simultaneously, without switching tools or interrupting their workflow.
“In modern development environments, security testing needs to integrate seamlessly into the developer’s workflow, but it also needs to cover both proprietary and third-party code,” said Simon King, vice president of solutions at the Synopsys Software Integrity Group. “By providing real-time SAST and now SCA results together in the IDE, Synopsys enables developers to detect security defects in both their own code and the open source components they leverage – as they build their applications. Developers can fix problems in real time, avoiding the risks and loss of productivity when issues are allowed to go undetected for days, weeks, or even months after they’ve moved on to other tasks. With this release, the native integration of the Code Sight IDE plugin enables developers to build secure, high-quality software faster.”
By providing real-time SAST and SCA results together in the IDE, Synopsys enables developers to detect security defects in both their own code and the open source components they use—all while they build their applications. Developers can fix problems in real time, avoiding the risks and loss of productivity that occur when issues are allowed to go undetected for days, weeks, or even months after the developers have moved on to other tasks.
With Polaris and the Code Sight IDE plugin, developers can truly build secure, high-quality software better, faster, and stronger.