Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down

Presented by

Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research

About this talk

Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment. A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration. In this webinar, you’ll learn: Why legacy CI/CD approaches can’t keep up with the speed of DevOps How Synopsys Intelligent Orchestration: - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale

Related topics:

More from this channel

Upcoming talks (27)
On-demand talks (104)
Subscribers (29889)
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.