Scalable SAST and SCA in a single solution with Polaris fAST Services

Polaris fAST Services are fast, powerful, and easy-to-use cloud-based application security testing optimized for DevSecOps.

Quick. These days it can be hard for us to agree on a lot of things. But one thing that seems to unite us all is that when we want something, we want it now. And we need it fast.

Quick is definitely a priority for anyone producing software. Release schedules are constantly compressed, so anything that reduces the time spent on developer tasks is a good thing. But in software development, speed isn’t just about how fast a particular function is performed. It is also about

  • Simplicity. Developers are inundated with complexity due to the sophistication of the software they create, as well as the increasingly complex and varied tool chains they work with. They need tools that simplify their work and minimize time wasted due to context switching.
  • Scalability. Organizations are creating far more software than they did just a few years ago. It is not uncommon for teams to manage hundreds or even thousands of concurrent development projects. It’s important that teams have tools that can handle the volume of apps and versions they manage.
  • Power. They say nothing kills productivity more than rework. It doesn’t matter how fast you did something the first time if you have to go back and do it a second time. So even though teams want tools that are quick and easy to use, they still need them to be powerful enough to do their job right the first time, to avoid rework.

For development teams, quick translates into simplicity, scalability and power, as well as speed.

Polaris fAST Services Overview

With these needs in mind, today we are announcing the general availability of two new SaaS offerings, Polaris fAST Static and fAST SCA. Polaris fAST (fast application security testing) services are built on the same powerful analytics engines at the heart of our industry-leading products, integrated and delivered from the cloud via the latest version of our Polaris Software Integrity Platform®.

Many teams have moved to cloud-based solutions for their development toolchains, from source code management, to build and integration, to packaging and delivery. The benefits of cloud-based solutions are well known: lower costs, greater agility and improved ease of use.

While these teams also want to realize these same benefits for their AST tools, until now most cloud-based AST platforms have forced them to compromise on one or more of their key requirements. An easy-to-use platform may not offer enough power and capabilities to effectively identify security issues in complex applications. One that offers speed on a small scale may not be able to scale to enterprise levels. And often, teams find that most cloud-based AST platforms are strong in static application security testing (SAST) but weaker in software composition analysis (SCA), or vice versa.

No need to compromise with Polaris

Our goal with Polaris is to provide teams with a no-compromise SaaS AST solution, and these new Polaris fAST services meet that goal. Polaris fAST Static uses the same fast and accurate scanning engines as Synopsys Coverity® SAST, the market leader in SAST, which provides broad language support and fast incremental scanning proven at scale in the largest software development projects in the world. Polaris fAST SCA helps teams stay ahead of their software supply chain risks by providing the same comprehensive open-source knowledge base and Black Duck® security advisories used in our market-leading SCA solution, Black Duck.

With Polaris, teams don’t have to choose between a SAST tool that is fast, scalable, and covers the variety of languages and frameworks they use, and an SCA tool that gives them an accurate view of their open source risks with advisories that are more timely, accurate and actionable than the National Vulnerability Database (NVD). They get both. And they get them in a unified SaaS platform that’s both easy for their team to use today and able to scale to the capacity they need in the future.

Automate security testing and policy enforcement with Polaris DevOps integrations

Integration and automation define modern software development. Developer actions in the IDE, source code manager (SCM), and bug tracking system trigger automated build, test, packaging, and deployment activities by their continuous integration (CI) system. Any tool that doesn’t fit seamlessly into this DevSecOps ecosystem creates friction, which can lead to teams missing deadlines or skipping tests to meet the schedule.

Polaris offers DevOps integrations that allow teams to automate security testing with their existing workflows and tools. You can schedule recurring security scans that will automatically pull code from the GitHub or GitLab repository for analysis. Or you can trigger event-based analytics in Jenkins CI workflows. Teams can also upload code directly through the Polaris UI for ad hoc testing.

Polaris also streamlines vulnerability triage and remediation workflows by providing policies that can automatically notify teams or “break the build”. And the Jira integration makes it easy to assign issues to developers for fixing.

Analyze security issues and trends across teams, applications, and scan types

Development teams bear the bulk of the responsibility for application security testing, triaging, and remediation of vulnerabilities, but responsibility for the overall coverage and success of the AppSec program generally rests with security teams, particularly in medium and large enterprises. Polaris helps these teams monitor and manage testing across their organization with built-in reports and dashboards, giving them insight into

  • Vulnerability trends. Teams can identify AppSec hotspots in their portfolio with views that show vulnerability severity and type information across apps, projects, and test types.
  • Status and performance of tests. Teams get a real-time view of current and past testing across apps, projects, and teams.
  • Administrator changes. Administrators can track configuration changes to ensure the integrity of their test environments and aid in troubleshooting.

Optimize security testing with help from Polaris value-added services

As an easy-to-use SaaS platform, Polaris is ideal for small organizations and teams that may have few or no experienced application security analysts on staff. To help these teams get the most out of Polaris and keep things running smoothly, Synopsys offers a number of value-added services. These include

  • Onboarding and adoption services, which help teams quickly bring new apps and team members to the platform
  • Triage services to help tune and remove noise from analysis results
  • Troubleshooting services that provide automatic monitoring and remediation of interrupted scans

So even if your team is small, our team has what you need.

Ready to know more? Take a tour of Polaris with our team

Polaris and Polaris fAST services are constantly improving. We will be adding new fAST services to the platform in the coming months, along with advanced policy management, improved vulnerability prioritization, expanded integrations, and improved dashboarding and reporting capabilities.

With all of these changes, the best way to learn more about Polaris is to see it for yourself. Click the button below to schedule a time for a live demo.

Schedule a Polaris Tour Today
