Forrester recognizes Synopsys as a leader in static application security testing

We’re proud to announce that Synopsys has been named a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. Find out why.

This week Forrester recognized Synopsys as a leader in The Forrester Wave: Static Application Security Testing, Q1 2021, based on its evaluation of Coverity®, our static application security testing (SAST) solution.

Forrester evaluated the 12 most significant SAST providers against 28 criteria. We’re proud to receive the highest score among all 12 vendors in the current offering category, and to be ranked among the top 3 in the strategy category.

Seamless integrations

Within the current offering category, we’re especially proud to receive the top score in the software development life cycle (SDLC) integration criterion, and the highest-possible score in the remediation guidance and education criterion.

The report noted areas for SAST customers to prioritize: “Look for SAST solutions that overlay the CI/CD pipeline through out-of-the-box integrations with popular IDEs, build tools, and code repositories. In addition, seek solutions that provide actionable remediation guidance, with code samples and interactive training reachable through the developer’s toolset.”

Through our Code Sight™ IDE plugin, Coverity integrates with industry-standard IDEs, CI build servers, and issue trackers. By identifying issues and providing actionable remediation advice to developers as they code, Coverity allows them to fix issues early in the SDLC. Context-specific eLearning helps them understand how to fix their prioritized issues quickly, within their existing tools and workflows, and without having to become security experts. Delivered on-premises or in the cloud with Polaris Software Integrity Platform, Coverity supports 21 languages and over 70 frameworks and templates.

Fast and accurate analysis

According to the Forrester report, accuracy and performance remain issues for many SAST customers: “Even as SAST has advanced with new features, the basic requirements of low false positives and short scan times remain. A number of customers still list accuracy and performance as challenges.”

This is where we feel Coverity really shines.

Its high accuracy, low false positive rate, and fast analysis help both development and security teams save time and resources and accelerate software development. Developers get high-fidelity incremental analysis results in seconds, so they can fix issues prior to the build-test phase. Security teams can also generate their own results by running analyses without first building an application.

Per the Forrester report: “References were particularly complimentary of Coverity’s low false positive rate, flexible reporting, and customer support. One reference commented that if a Coverity scan flagged an issue, ‘the general consensus on the developer team is that it’s accurate and [we] need to look at it.’”

Embracing developers and emerging use cases

We feel our showing in the Forrester report validates our holistic approach to evolving software security across the entire SDLC, providing a frictionless experience to developers and security teams alike.

We believe this was also reflected in our score within the strategy category, where Synopsys received the highest-possible scores in three of the five criteria: product vision, market approach, and planned enhancements.

According to the report, “Synopsys is a good fit for firms looking for a strong SAST solution that is also part of an overall AST platform.”

Synopsys will continue to evolve our SAST and other AppSec tools and services to provide our customers with the most holistic approach to software security, so they can focus their mitigation and remediation efforts according to their own risk posture and prioritization requirements.

*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Jim Ivers. Read the original post at: