Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down

Presented by

Jason Schmitt, GM of Software Integrity Group at Synopsys, and Dan Kennedy, Research Director at 451 Research

About this talk

Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

In this webinar, you’ll learn:

- Why legacy CI/CD approaches can’t keep up with the speed of DevOps
- How Synopsys Intelligent Orchestration:
  - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
  - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
  - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.