Synopsys Unveils Coverity Enhancements to Extend Breadth, Depth, and Scalability of Enterprise Application Security Testing
January 15, 2019 at 11:05 am
Share
Synopsys, Inc. announced the availability of a new version of its Coverity® static application security testing (SAST) solution, which enables organizations to build secure applications faster. The latest release of Coverity addresses three increasingly important needs for enterprise application security teams: scalability, broad language and framework support, and comprehensive vulnerability analysis. Scalable SAST for enterprise security teams: Coverity enables enterprise organizations to scale their SAST efforts across large application portfolios. The latest Coverity solution now includes a feature called 'analysis without build' that allows security teams to onboard and analyze thousands of applications quickly and easily. Security teams can now simply point Coverity to a source code project and begin analyzing in seconds, without first having to do a full build operation for each application. Unlike other SAST solutions, Coverity automatically detects project types and fetches the dependencies that would normally be incorporated in the build process. Use of this new feature ensures comprehensive analysis and eliminates the need to manually declare dependencies. Broad language and framework support: The ecosystem of programming languages and frameworks used to build applications is expanding, and SAST tools need to understand how each one works in order to be effective. To address the needs of enterprise organizations with diverse application portfolios, Synopsys has significantly expanded Coverity's language and framework coverage. The latest Coverity release introduces support for TypeScript, .NET Core, Swift 4.1, and Ruby on Rails, as well as more than 50 different frameworks for Java, JavaScript, C#, including Angular, React, and Vue. Comprehensive vulnerability analysis: The Coverity analysis engine utilizes a variety of techniques to look at code in different ways and find the most actionable and critical security vulnerabilities. In response to the growing popularity of frameworks, the latest Coverity release includes dramatically improved framework analysis, which allows customers to more accurately detect client-side and back-end web services vulnerabilities. Coverity can also now analyze JavaScript framework templates, which are a popular means of client-side data binding. Coverity can now scan the HTML generated on the fly from such templates to find additional cross-site scripting vulnerabilities.
Synopsys Inc. specializes in the development and marketing of software programs aimed mainly at manufacturers of semi-conductors, computers and electronic equipment. Net sales break down by activity as follows:
- sale of software and hardware (82.4%): sale of software for the automation of integrated circuit design, pre-designed circuits for semiconductors, software and hardware for the validation of electronic systems, etc.;
- provision of services (17.6%): consulting, maintenance and technical assistance services in the areas of software security, quality and compliance.
Net sales are distributed geographically as follows: the United States (47.7%), China (15.2%), Korea (10.9%), Europe (10.2%) and other (16%).
SYNOPSYS INC. 
