Synopsys announced that it will release a major update to the Polaris Software Integrity Platform to extend its static application security testing (SAST) and software composition analysis (SCA) capabilities through the native integration of the Code Sight plugin. The new update will allow developers to find and fix security weaknesses in both proprietary code and open-source dependencies simultaneously.
According to the company, the previous way of analyzing the code is to use two separate tools, which can be a hassle for developers.
“By providing real-time SAST and now SCA results together in the IDE, Synopsys enables developers to detect security defects in both their own code and the open source components they leverage – as they build their applications,” said said Simon King, vice president of solutions at the Synopsys Software Integrity Group.
Code Sight automatically performs just-in-time code analysis as the developer opens, edits, and saves files in the IDE. It does this in the background without disrupting workflow. As it detects issues, it reports them in the IDE itself, and the developer can fix them immediately without needing to change tools or reopen past projects.
The plugin checks in with vulnerability information from Black Duck Security Advisories as well as public CVE records from the National Vulnerability Database (NVD).
Code Sight also provides other information developers can use to optimize component selection, including the open source license type and potential violations of the organization’s predefined policies on open source security and license compliance, the company stated on its website.