Enabling DevSecOps with Synopsys and Microsoft

Alessandro Segala

This article was contributed by Ed Wong, Business Development Director at Synopsys

Since 2014, the strategic partnership between Microsoft and Synopsys has enabled development teams to write better, more secure code before it is released to production. With our integrations, development teams can easily manage risks throughout the Software Development Life Cycle (SDLC) by using Synopsys’ industry-leading application security testing solutions in Microsoft’s DevOps solutions, including Azure DevOps and Visual Studio.

In the cloud computing era, Synopsys and Microsoft have extended this collaboration further, providing developers a clear solution for security and quality in cloud software—whether internally developed, from a third party, or open source. Synopsys and Microsoft deliver security to DevOps with these joint integrations:

  • Synopsys Detect for Azure DevOps supports native scanning in Azure DevOps for static code analysis (SAST) and open source software detection (SCA).
    • Run Coverity SAST as part of your build pipeline to identify security and quality issues.
    • Invoke Black Duck SCA to perform a component scan during the build pipeline.
    • View comprehensive Coverity SAST and Black Duck SCA scan results to identify and prioritize any software issues.
  • Code Sight for Visual Studio enables developers to find bugs and quality defects inline while coding.
  • Black Duck for Visual Studio identifies security and license compliance issues for open source packages.
  • Seeker for Azure DevOps monitors web app interactions in the background during functional, quality assurance, and user acceptance testing to quickly process hundreds of thousands of web application requests, providing real-time web vulnerability results with higher accuracy than traditional dynamic scanning tools.

By tightly integrating the Synopsys suite of application security solutions with Azure DevOps and Visual Studio, development teams can secure all application code—regardless of where it’s built or deployed.

Synopsys + Microsoft = Secure DevOps for Azure Customers

The partnership between Synopsys and Microsoft delivers a seamless, integrated toolset to build and deploy secure apps faster. Synopsys solutions can be deployed on-premises or in Azure, and can be invoked from Azure DevOps (including Azure DevOps Server), and other CI/CD tools.

By using Synopsys’ industry-leading application security testing solutions, developers can automate security in their Microsoft ecosystem, while maintaining productivity and managing risk in the SDLC.

Learn more in our free webinar

Interested in learning more about our partnership to build and deploy secure apps in the cloud?

Synopsys and Microsoft are organizing a joint webinar “Automating Pipeline Security With Synopsys and Azure DevOps” on September 12, 2019 at 12:00 pm EDT, with Sasha Rosenbaum (@DivineOps) and Tomas Gonzalez (@SW_Integrity). Sign up today for free.

You can also meet Synopsys at Booth 1801 at Microsoft Ignite, November 4–8 in Orlando, Florida.


Discussion is closed. Login to edit/delete existing comments.

  • Tomasz Wiśniewski 0

    Any more information on this? No extensions in Marketplace, no specific information on websites. Is this still valid?

  • Baltazar, Dennis W. R. 0

    Do you have recording of the webinar “Automating Pipeline Secuirty with Synopsys and Azure DevOps”? I missed the session. Would love to see it.

Feedback usabilla icon