Synopsys has been named by Gartner, Inc. as a Leader in the “Magic Quadrant for Application Security Testing” for the sixth consecutive year.[1] In the report, Gartner evaluated 14 application security testing vendors based on their Completeness of Vision and Ability to Execute. Synopsys placed highest in Ability to Execute and Completeness of Vision for the fourth year in a row.
As the speed and complexity of development increase and high-impact application security breaches become more frequent, security and development teams are looking to integrate and automate security testing as part of their software development activities.
According to the authors of the report, “Gartner continues to observe that the major driver in the evolution of the AST market is the need to support enterprise DevSecOps and cloud-native application initiatives. Customers require offerings that provide high-assurance, high-value findings, while not unnecessarily slowing down development efforts. Clients expect offerings to fit earlier into the development process, with testing often driven by developers, rather than security specialists. As a result, this market evaluation focuses heavily on the buyer’s needs involving support of rapid and accurate testing for various application types, capable of integration in an increasingly automated fashion throughout software delivery workflows.”
“Recent high-profile vulnerabilities and software supply chain attacks have highlighted that managing software risk is becoming increasingly complex,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Organizations need a variety of integrated and interoperable application security solutions to address risks across the SDLC and the broader software supply chain—solutions that help them prioritize their remediation efforts while maintaining the velocity of their development workflows. We have made significant investments in these areas over the past year, including the release of new Rapid Scan capabilities for Coverity SAST and Black Duck SCA, the launch of Code Sight Standard Edition, a standalone version of our IDE plugin for developer-driven testing, and the acquisition of Code Dx, an open platform that helps security and development teams correlate and prioritize security findings across their AST tool portfolio. We believe our continued recognition by Gartner as a Leader in application security testing validates our strategy and ability to address the evolving needs of the market.”
Download a complimentary copy of the 2022 Gartner Magic Quadrant for Application Security Testing to learn more.
Over the past year, the Synopsys Software Integrity Group has announced several new offerings and initiatives that have contributed to the business’s growth and momentum:
- In June of 2021, Synopsys acquired Code Dx, the provider of an award-winning application security risk management solution that automates and accelerates the aggregation, correlation, deduplication, and prioritization of software vulnerabilities from Synopsys’ broad portfolio of solutions as well as more than 100 third-party commercial and open source products. Code Dx provides consolidated risk reporting that creates a system of record for application security testing and enables a unique view into the risk associated with an organization’s software.
- In July of 2021, Synopsys announced the availability of new Rapid Scan capabilities within the company’s Coverity® static application security testing (SAST) and Black Duck® software composition analysis (SCA) solutions. The Rapid Scan features provide fast, lightweight vulnerability detection for both proprietary and open source code. Rapid Scan is optimized for the early stages of development, particularly for cloud-native applications and infrastructure-as-code (IaC).
- In February of 2022, Synopsys announced the general availability of Code Sight™ Standard Edition, a standalone version of the Code Sight plugin for integrated development environments (IDE) that enables developers to quickly find and fix security defects in source code, open source dependencies, infrastructure-as-code files, and more before they commit their code.
- In October of 2021, Synopsys enhanced its Black Duck® software composition analysis solution to address customers’ emerging needs around software supply chain security. The enhancements enable Black Duck customers to produce a software bill of materials (SBOM) in the standardized SPDX 2.2 format approved by NIST, a capability that is increasingly important for software vendors looking to comply with Executive Order 14028.
- Synopsys continues to invest in its “partner first” go-to-market approach by expanding its global channel partner network and enhancing the benefits and operational support in its partner program to better serve the channel. As a result, Synopsys has experienced significant growth and momentum in indirect sales through an expanded ecosystem of resellers, managed service providers, system integrators and consulting firms providing solutions and services to our customers. Synopsys recently received a 5-star rating in the 2022 CRN Partner Program Guide.

[1] Gartner, Inc. “Magic Quadrant for Application Security Testing” by Dale Gardner, Mark Horvath, and Dionisio Zumerle, April 18, 2022.