Synopsys Rapid Scan Can Now Security Check Proprietary Code – InApps is an article under the topic Software Development Many of you are most interested in today !! Today, let’s InApps.net learn Synopsys Rapid Scan Can Now Security Check Proprietary Code – InApps in today’s post !

Read more about Synopsys Rapid Scan Can Now Security Check Proprietary Code – InApps at Wikipedia



You can find content about Synopsys Rapid Scan Can Now Security Check Proprietary Code – InApps from the Wikipedia website

If you haven’t been programming since fixing Y2K was the problem of the day, you may not know just how much trouble we’ve been in with supply chain software security holes and attacks. Still not sure what I mean, go read up on the Solarwinds security fiasco. I’ll wait. Get the picture? So when Synopsys announced it released new Rapid Scan capabilities within its Coverity static application security testing (SAST) and Black Duck software composition analysis (SCA) solutions, this is a big deal.

What Rapid Scan brings to your developer desk is faster, lightweight vulnerability detection for both your proprietary and open-source code. In particular, Rapid Scan is optimized for the early stages of development, when it’s still easy to catch bugs before they’ve become embedded in your programs. Synopsys also states that Rapid Scan is particularly good for cloud native applications and infrastructure-as-code (IaC).

Sure, we know that comprehensive, thorough security testing is critical to managing risk in the later stages of the software development lifecycle (SDLC). But, let’s get real. How many of us actually do that as consistently as we should? Better is, as Shuah Khan, Linux Fellow a senior Linux kernel maintainer, observed, “It is easier to detect and fix problems early during the development process.”

Read More:   Piece Together a Repeatable Frontend Dev Environ on Linux – InApps 2022

That’s where Rapid Scan comes in. It complements conventional application security testing activities by enabling development teams to perform fast SAST and SCA scans at every code check-in or early-stage build without slowing them down. This enables developers to shift left efficiently and prevents security issues from propagating into the later stages of the SDLC. If you want continuous integration/continuous delivery (CI/CD), building testing into the development pipeline early on is a necessity.

As Jason Schmitt, Synopsys Software Integrity Group’s general manager put it, in a press release: “For organizations embracing DevSecOps, application security testing needs to follow suit. With Rapid Scan, Coverity and Black Duck users can run quick preventative scans to detect and eliminate surface-level vulnerabilities as their developers write and commit code, and they can use the same solutions to run deep scans later in the SDLC prior to deploying their applications.”

Sounds great, but what, specifically, are they talking about?

The new capabilities include:

In Coverity Rapid Scan SAST you get speedy security analysis of proprietary code at the developer’s desktop and in continuous integration (CI) pipelines such as GitLab and GitHub Actions. Coverity Rapid Scan is optimized for cloud native applications built on IaC frameworks such as Kubernetes, Terraform, and CloudFormation, and microservices such as GraphQL, Kafka, and Postman. Besides quickly detecting many common security weaknesses, it can also spot misconfiguration flaws and API foul-ups.

To use it you just point Rapid Scan SAST to a directory or Git repository and it provides relevant actionable feedback in the command line or within the forthcoming Microsoft Visual Studio Code, Code Sight IDE plugin. It already includes support for Java, JavaScript, and Typescript, with more languages on the way. Its broad support for markup languages makes it easy to scan IaC applications.

In Black Duck Rapid Scan, developers and managers can perform a faster than ever dependency analysis to see if any of their open source components violate your organization’s security and license policies before merging code into release branches. It does so by skipping resource-intensive SCA activities such as multifactor open source detection and generating a complete software bill of materials for later in the SDLC process.

Read More:   Was Parler Really a Progressive Web App? – InApps 2022

Both the Coverity and Black Duck Rapid Scan capabilities can be used with Synopsys’ Intelligent Orchestration solution to automatically trigger fast SAST and SCA scans based on events in the continuous integration (CI) pipeline. Once more the goal is to do what’s needed at the early stages of development and testing while delaying full Coverity and Black Duck scans at later stages.

In short, the name of the game here is to balance agility and risk management. Sure, if you need to, you can run a full scan. But with Fast Scan, you can do just what you need to do to meet your schedule while protecting your code from security bugs and open source licensing problems. It sounds to me like a worthwhile compromise, and it’s certainly nice to have the option.

InApps is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Postman.

Feature image par Crea Park de Pixabay. 



Source: InApps.net

Rate this post
As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.

Let’s create the next big thing together!

Coming together is a beginning. Keeping together is progress. Working together is success.

Let’s talk

Get a custom Proposal

Please fill in your information and your need to get a suitable solution.

    You need to enter your email to download

      Success. Downloading...