Synopsys, Inc. has announced the expansion of the Technology Alliance Partner (TAP) segment of the Software Integrity Group’s new Global Partner Program at RSA Conference. Synopsys is showcasing integrations between the company’s Intelligent Orchestration solution and technology partner tools, including CloudBees and GitHub Actions. With more than 40 DevOps ecosystem vendors currently engaged, the TAP program simplifies and accelerates partner integration with Intelligent Orchestration and other Synopsys application security solutions.
Recognised as a leader by independent analysts Gartner and Forrester, Synopsys provides the most comprehensive portfolio of application security solutions in the industry. Through the TAP program, development, DevOps, and security technology providers can partner with Synopsys to integrate the company’s application security and risk management solutions with their products. These integrations make it easier for organisations to build automated application security controls into their existing DevOps toolchains.
Synopsys recently introduced its Intelligent Orchestration solution, a dedicated application security automation pipeline that integrates with popular DevOps tools to make security testing seamless and easy to manage for high-velocity development teams. Intelligent Orchestration integrations with CloudBees and GitHub Actions underscore the value the TAP program creates for customers.
Intelligent Orchestration with source code management. Popular source code management (SCM) tools, including Bitbucket, GitLab, and GitHub, can integrate with Synopsys application security solutions to enable developers to automatically run security scans on their source code when changes are introduced. For example, the Intelligent Security Scan GitHub Action integrates with Intelligent Orchestration to simplify and streamline security testing, triggering the most appropriate analysis based on the significance of the code changes being introduced. It can be configured to automatically orchestrate rapid or incremental security scans based on pushes and pull requests. Scan results are formatted using the Static Analysis Results Interchange Format (SARIF) and displayed through the GitHub code scanning user interface automatically within the developer workflow.
“GitHub Actions helps customers automate software development efforts from ideation to production rapidly,” said Jose Palafox, business development manager for GitHub. “Security testing is an increasingly important part of that process, but it needs to happen seamlessly. With the Intelligent Security Scan Action, developers can leverage the power of Intelligent Orchestration to automatically and quickly initiate security scans.”
Intelligent Orchestration with continuous integration and delivery. Widely used continuous integration and delivery (CI/CD) tools like CloudBees, CircleCI, and Bamboo can also integrate with Intelligent Orchestration. For example, Intelligent Orchestration integrates with CloudBees to provide a dedicated security testing pipeline that runs in parallel with build and release pipelines, simplifying deployment while ensuring that application security doesn’t come at the cost of development velocity. Customers can define application security policies as code, specifying rules for security testing, response, and notification. Using proprietary technology, Intelligent Orchestration then uses those rules to evaluate code changes and other CI/CD events to intelligently trigger the appropriate security tests.
“We’re seeing more and more customers look to automate application security activities as part of their CI/CD pipelines,” said Anders Wallgren, vice president of strategy for CloudBees. “But with the accelerating pace of development and proliferation of security testing technologies, it can be difficult for them to manage the continuous stream of vulnerabilities without slowing down the pipeline. Through our strategic partnership with Synopsys and integration between our respective tools, CloudBees and Intelligent Orchestration, customers can utilise automation and risk-based intelligence to run the right tests at the appropriate stages in the pipeline, which can dramatically reduce unnecessary friction.”
To become a Synopsys technology partner or learn more, visit the TAP program webpage. The TAP program provides partners with world-class developer support, product training, integration audits, community access, and co-marketing opportunities. Collaborate, integrate, and interoperate with Synopsys application security solutions to transform how software is built, deployed, and operated. Through partnerships, customers can achieve their application security goals without impacting their development and deployment efforts.