The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it. Then, we looked at the customer environment, different use cases, the client, and all those kinds of things. We started scanning a few of their applications, getting results, some eye-openers, and identifying critical assets. It's a continuous process, a three-year project, involving continuous security assessment across more than 300 applications. So, my tool, Code Dx, scans all these different applications, revealing design reserves, and it's part of a continuous improvement plan.
Find out what your peers are saying about Black Duck, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: April 2025.
SAST is a method designed to detect security vulnerabilities within an application's source code. By analyzing the code structure, SAST identifies potential flaws early in the development cycle, promoting secure coding practices and reducing the risk of security issues in production.
Unlike dynamic testing that examines an application during runtime, SAST operates on static code analysis. This early detection capability is crucial as it enables developers to address vulnerabilities before...
The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it. Then, we looked at the customer environment, different use cases, the client, and all those kinds of things. We started scanning a few of their applications, getting results, some eye-openers, and identifying critical assets. It's a continuous process, a three-year project, involving continuous security assessment across more than 300 applications. So, my tool, Code Dx, scans all these different applications, revealing design reserves, and it's part of a continuous improvement plan.