Synopsys Improves Security Testing for Developers: Rapid Scan for Coverity SAST and Black Duck SCA
Rapid Scan capabilities are meant to give Synopsys' software testing and code analysis solutions a boost. With this "shift left", cloud-native applications are to be secured as quickly as they are written.
New Synopsys quick scan features are designed to help quickly uncover vulnerabilities and vulnerable open source components.
Synopsys has released new Rapid Scan capabilities in its Coverity SAST (Static Application Security Testing) and Black Duck Software Composition Analysis (SCA) solutions. According to the vendor, Rapid Scan is optimized for the early stages of development, especially for cloud-native applications and infrastructure-as-code (IaC).
Rapid Scan complements traditional application security testing and covers both proprietary and open source code. Development teams can run fast SAST and SCA scans at each code check-in or in the early stages of the build without slowing down the pipeline.
Coverity Rapid Scan
In Coverity SAST, Rapid Scan is intended to enable fast security analysis of proprietary code, whether on the developer's desktop or in continuous integration (CI) pipelines such as GitLab and GitHub Actions. Coverity Rapid Scan is optimized for cloud-native applications built on infrastructure-as-code frameworks such as Kubernetes, Terraform, and CloudFormation, and on microservice technologies such as GraphQL, Kafka, and Postman. Rapid Scan detects common security vulnerabilities as well as problematic misconfigurations and incorrect use of APIs.
Black Duck Rapid Scan
As part of Black Duck SCA, Rapid Scan is designed for fast dependency analysis. It lets teams determine before release whether an open source component in use violates the company's security and licensing policies. Resource-intensive SCA activities, such as multi-factor open source detection and the creation of a complete software bill of materials, are deferred by Black Duck Rapid Scan to later stages of the SDLC.
Intelligent Orchestration and Rapid Scan
The Rapid Scan capabilities of Coverity and Black Duck can also be used in conjunction with Synopsys' Intelligent Orchestration solution. Intelligent Orchestration then triggers fast SAST and SCA scans automatically based on events in the CI pipeline. Full Coverity and Black Duck scans are performed at later stages of the pipeline, when the quality and security of an application are to be validated prior to deployment.
More information about Rapid Scan can be found on the Coverity and Black Duck websites.