News

Synopsys Adds Code Dx to AppSec Portfolio

• By John K. Waters
• June 16, 2021

Synopsys, Inc., a provider of electronic design automation (EDA), semiconductor IP, and application security testing tools and services, has acquired app vulnerability management company Code Dx.

Code Dx's namesake solution is designed to automate the discovery, prioritization, and remediation of software vulnerabilities. Synopsys plans to correlate Code Dx's capabilities with software vulnerability data produced by its own solutions, as well as more than 75 third-party and open-source AppSec and development products.

The Northport, NY-based Code Dx comes to Synopsys with a team of experienced R&D engineers specializing in vulnerability correlation and integrating security testing activity throughout the software development pipeline, the companies said.

Prior to this acquisition, Code Dx was a member of the Synopsys Technology Alliance Partner (TAP) program. Announced in May at the annual RSA Conference, the TAP program was created to make it easier for other development and DevOps tool providers to partner with Synopsys and integrate the company's Software Integrity Group’s security testing solutions directly into their products.

The TAP program was launched with more than 40 DevOps ecosystem partners, adding integrations for Synopsys's new Intelligent Orchestration solution, as well as partner tools from CloudBees and GitHub Actions, among others.

Synopsys has already worked closely with Code Dx through the TAP program, the company says, which means Synopsis customers can use Code Dx's capabilities in conjunction with its products immediately.

Specifically, those capabilities include:

• A suite of security testing tools
• An intelligent orchestration engine that automatically determines and initiates the appropriate tests for each step in the DevOps workflow
• An aggregation, correlation, and prioritization solution for the vulnerabilities identified during testing
• Consolidated application security risk reporting across any commercial and open-source application security solution
• Consulting and managed services "to align people, process, and technology" and address application security risks "holistically"

Mountain View, Calif.-based Synopsys's recently introduced Intelligent Orchestration is a risk-based, adaptive AppSec test orchestration solution "optimized to match the speed of development​ teams" while ensuring that governance, compliance, regulatory, and other policies are applied as required.

"The complexity and speed of modern software development requires the use of multiple security testing technologies and rapid testing cycles," said Jason Schmitt, general manager of the Synopsys Software Integrity Group, in a statement. "While robust security testing is vital to securing modern software, it often produces large amounts of vulnerability data that is difficult to manage at speed and at scale. Code Dx enables our customers to optimize and harness the breadth of our application security portfolio, along with third-party tools, by aggregating, correlating, and prioritizing security testing results based on risk."