Code Dx brings game-changing capabilities to Synopsys

Today, Synopsys announced the acquisition of Code Dx, the provider of an award-winning application security risk management solution that automates and accelerates the discovery, prioritization, and remediation of software vulnerabilities. This acquisition not only adds critical functionality to advance Synopsys’s vision for application security, it provides our customers and prospects with a true view of the organizational risk associated with the security of their software.

Synopsys now provides the ability to intelligently orchestrate security tests from our own tools, third-party tools, and open source tools. We have the ability to correlate and prioritize the findings from more than 75 testing solutions and manual testing activities. Code Dx provides a consolidated view of all these activities as well as insights into organizational risk.

We believe these capabilities are a game changer—not just for Synopsys, but for the application security (AppSec) industry, and most importantly for our customers.

Introducing Code Dx by Synopsys

Code Dx falls into the category that Gartner calls application security orchestration and correlation (ASOC).

After examining the ASOC tools in the market, Synopsys concluded Code Dx has:

• The most flexible architecture
• The strongest correlation technology
• The most integrations

At a macro level, we believe Code Dx’s design uniquely enables organizations to holistically manage their software risk.

It should be noted that Code Dx is a Synopsys technology alliance partner with existing integrations into the Synopsys portfolio. This means that our customers can realize immediate benefits from Code Dx. Furthermore, combining Code Dx with our recently announced Intelligent Orchestration solution creates the most comprehensive orchestration and correlation offering in the market. Like Code Dx, Intelligent Orchestration works with third-party and open source tools. The result is an exceptional set of solutions that efficiently and pragmatically integrate application security testing (AST) into DevOps workflows, enabling organizations to leverage their investment in AST tools of all types.

Code Dx provides several robust capabilities, including:

• Correlates the output from all forms of AST—including static analysis (SAST), dynamic analysis (DAST), interactive analysis (IAST), and software composition analysis (SCA). Code Dx can also correlate findings from manual tests such as threat modeling. Many organizations use multiple testing tools, so correlating the findings makes addressing them more efficient and the view of risk more complete.
• Offers more than 75 integrations developed in partnership with a wide variety of providers. Besides the integrations with traditional SAST, DAST, IAST, and SCA tools, Code Dx has integrations with cloud and container analysis tools, network scanning tools, mobile security tools, and issues trackers.
• Tightly integrates with ticketing systems such as Jira to eliminate duplicate tickets and efficiently assign work to developers while providing consolidated data needed to ensure accountability.
• Prioritizes findings based on policies, metadata about the application, and threat intelligence, applying integrated machine learning techniques in the process. The ultimate goal is to provide guidance on what to fix and in what priority to drive developer efficiency while reducing risk.
• Uses consolidated test data to provide insights on risk across the application portfolio. This elevates the conversation around AST and AppSec from findings to business risk.