New developer tool automates security testing
As the speed and complexity of software development increases, security and development teams have seen the need to integrate and automate security testing within their development workflows.
But doing this can slow development pipelines and overwhelm teams with large volumes of testing results, many of which don't require immediate attention. To address this Synopsys is unveiling its new Intelligent Orchestration solution at the RSA Conference later this month.
Developed by the Synopsys Software Integrity Group, Intelligent Orchestration provides a continuous integration (CI) pipeline that runs in parallel to build and release pipelines to perform necessary application security tests.
It's designed to integrate with CI pipelines via simple API calls. In addition, extensible DevOps integration enables teams to incorporate application security tests performed by Synopsys tools, open source and third-party tools, and deliver results via the development, risk management, and issue tracking tools that they already use.
Teams can define their application security policies as code, specifying rules for security analysis, notification, and remediation. Intelligent Orchestration then uses that policy to evaluate any code changes and intelligently trigger the appropriate security tests,
"Every organization embracing DevOps encounters friction when they integrate and automate security testing into their DevOps environments," says Jason Schmitt, general manager of the Synopsys Software Integrity Group. "Automating the enforcement of application security policies across your portfolio and managing high volumes of security testing results, while trying to keep pace with the accelerating speed of development, can be a daunting task. These challenges are precisely what Intelligent Orchestration is designed to address. Through policy-driven intelligence, automation, and extensive integrations, Intelligent Orchestration streamlines security testing programs based on risk and continuous iteration."
You can find out more on the Synopsys site.