Electronic design automation (EDA) vendor Synopsys Inc. has released a standalone version of its Code Sight plugin for integrated development environments (IDEs).
The plugin allows developers to find and fix security defects in source code, open source dependencies, infrastructure-as-code files and more before code is committed.
The software leverages Synopsys’ Rapid Scan Static and Rapid Scan SCA technology for security analysis in the developer’s IDE, preventing rework of issues discovered later in the software development lifecycle (SDLC).
The Code Sight software reduces the load on downstream security testing and minimizes rework to fix the issues. The software works independently of centralized security testing tools such as Coverity SAST and Black Duck SCA.
"In the age of modern software development, speed is king and software risk equates to business risk," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "That means developers shoulder a tremendous responsibility in protecting their organizations and they do not have the luxury of time to stop and scan. Equipping them with technology that helps them write more secure code from the outset can dramatically reduce the amount of time spent fixing open source and code security defects later in the SDLC."
