Synopsys has announced the availability of several new product features that enable developers to build secure applications faster.
The latest Coverity release, recognised by Gartner and Forrester as a leading static application security testing (SAST) tool, features seamless integration with Synopsys’ completely rebuilt eLearning platform, an on-demand security training solution for developers. The integration provides developers with convenient access – directly from the Coverity interface – to short, context-relevant training modules to help them address security issues Coverity detects in their code.
The Coverity release also includes security analysis enhancements for detecting more vulnerabilities across a variety of programming languages and frameworks, including the ability to identify code patterns vulnerable to the highly publicised Spectre attacks.
“As more organisations adopt rapid and iterative development methodologies, it is increasingly important to shift security left in the development process,” said Andreas Kuehlmann, Senior Vice President and General Manager of Synopsys Software Integrity Group. “That means equipping developers with the tools and training they need to take ownership of the security of their code. Finding and fixing vulnerabilities early and teaching developers to avoid security missteps in the first place results in more secure code, and it also prevents costly rework and unnecessary delays.”
Coverity integration with new eLearning platform
Synopsys eLearning is an outcome-driven, learner-centric training solution that makes application security education easy, relevant and accessible. Users have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design and storytelling into an intuitive platform.
- Coverity now integrates seamlessly with eLearning to provide developers with context-specific application security lessons based on the CWEs (Common Weakness Enumerations) detected by Coverity
- The integration uses a proprietary vulnerability analysis tool to match detected CWEs with relevant eLearning course content based on a highest-confidence-level algorithmic assessment. Unlike other training tools, eLearning links to specific lessons in a course to ensure developers receive the most relevant information
- eLearning includes 37 courses covering a wide range of application security topics, including risk analysis, authentication, security standards, defensive programming for web and mobile apps, threat modelling, security testing strategy and more
Coverity 2018.06 enhancements
The latest release of Coverity includes security analysis enhancements for detecting more vulnerabilities across a variety of programming languages and frameworks, as well as continued support for the latest coding standards in security, safety and reliability.
- Spectre: Coverity is one of the first SAST solutions to provide specific security checkers that identify source code segments that are potentially susceptible to Spectre attacks
- Coding standards: Coverity enables customers to quickly develop apps that comply with the industry standards that matter most to their business. Coverity now supports the OWASP Top 10 2017, CERT C++, MISRA C:2012 Technical Corrigendum 1 (TC1) and DISA STIG
- Enhanced security analysis: Coverity can detect additional vulnerabilities in Python, Java and Swift applications
Synopsys helps development teams build secure, high-quality software, minimising risks while maximising speed and productivity.
A recognised leader in application security, Synopsys provides static analysis, software composition analysis and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components and application behaviour.
With a combination of industry-leading tools, services, and expertise, only Synopsys helps organisations maximise security and quality in DevSecOps and throughout the software development life cycle.