DEVOPSdigest

Synopsys announced the expansion of the Technology Alliance Partner (TAP) segment of the Software Integrity Group's new Global Partner Program.

With more than 40 DevOps ecosystem vendors currently engaged, the TAP program simplifies and accelerates partner integration with Intelligent Orchestration and other Synopsys application security solutions.

Through the TAP program, development, DevOps, and security technology providers can partner with Synopsys to integrate the company's application security and risk management solutions with their products. These integrations make it easier for organizations to build automated application security controls into their existing DevOps toolchains.

Synopsys recently introduced its Intelligent Orchestration solution— a dedicated application security automation pipeline that integrates with popular DevOps tools to make security testing seamless and easy to manage for high-velocity development teams. Intelligent Orchestration integrations with CloudBees and GitHub Actions underscore the value the TAP program creates for customers.

Popular source code management (SCM) tools, including Bitbucket, GitLab, and GitHub, can integrate with Synopsys application security solutions to enable developers to automatically run security scans on their source code when changes are introduced. For example, the Intelligent Security Scan GitHub Action integrates with Intelligent Orchestration to simplify and streamline security testing, triggering the most appropriate analysis based on the significance of the code changes being introduced. It can be configured to automatically orchestrate rapid or incremental security scans based on pushes and pull requests. Scan results are formatted using the Static Analysis Results Interchange Format (SARIF) and displayed through the GitHub code scanning user interface automatically within the developer workflow.

Widely used continuous integration and delivery (CI/CD) tools like CloudBees, CircleCI, and Bamboo can also integrate with Intelligent Orchestration. For example, Intelligent Orchestration integrates with CloudBees to provide a dedicated security testing pipeline that runs in parallel with build and release pipelines, simplifying deployment while ensuring that application security doesn't come at the cost of development velocity. Customers can define application security policies as code, specifying rules for security testing, response, and notification. Using proprietary technology, Intelligent Orchestration then uses those rules to evaluate code changes and other CI/CD events to intelligently trigger the appropriate security tests.

The TAP program provides partners with world-class developer support, product training, integration audits, community access, and co-marketing opportunities. Collaborate, integrate, and interoperate with Synopsys application security solutions to transform how software is built, deployed, and operated. Through partnerships, customers can achieve their application security goals without impacting their development and deployment efforts.