Code Sight Standard Edition: Application security optimised for the needs of developers
Code Sight Standard Edition helps developers find and fix security issues as they code, without switching tools or interrupting their workflow.
As the pace and complexity of software development increases, organisations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense. Defects, including security defects, can often be addressed faster and more cost-effectively if they are caught early. Issues found during downstream testing or in production result in costly and disruptive rework.
But most developers aren’t security experts, and tools that are optimised for the needs of the security team can be too complex and disruptive to be embraced by developers. To make matters worse, these solutions often require developers to leave their integrated development environment (IDE) to analyse issues and determine potential fixes. All this tool- and context-switching kills developer productivity. So even though teams recognise the upside of checking their code and open source dependencies for security issues, they avoid using the security tools they’ve been given because of the productivity they would lose.
Introducing Code Sight Standard Edition
In response to these problems, Synopsys developed Code Sight and today, we’re proud to announce the availability of Code Sight Standard Edition (SE). Code Sight SE is a standalone version of the Code Sight IDE plug-in that works independently of application security testing (AST) tools like Coverity and Black Duck, which are incorporated into continuous integration (CI) build and test workflows. Code Sight SE provides fast, lightweight application security analysis of source code and open source dependencies in the IDE using integrated Rapid Scan Static and Rapid Scan SCA. Developers don’t need to be security experts; Code Sight SE gives them easy-to-understand defect descriptions as well as severity data and remediation guidance so they can fix defects as quickly as possible. It’s optimised to perform security analysis scans on large files and projects in seconds, with minimal system impact. And while developers don’t need to deploy a centralised static application security testing (SAST) or software composition analysis (SCA) solution to use it, Code Sight SE will help teams get more out of central analysis when used in conjunction with tools like Coverity and Black Duck (as well as tools from other vendors).
The integration of SAST and SCA in the IDE is what makes Code Sight SE unique and powerful. Let’s face it: as a developer, you want to ensure your software is both secure and bug-free. It doesn’t matter whether a security vulnerability is in your own code or in an open source dependency; either way, you need to fix it. Using one tool to analyse your code and a separate tool to look at open source is a pain. With Code Sight SE, you can address security holistically across the entire application codebase.