Synopsys has announced it will be showcasing the Software Integrity Group’s new Intelligent Orchestration solution at RSA Conference on 17-20 May. Running as an application security automation pipeline, Intelligent Orchestration reportedly ensures the right security tests are performed at the right time.
Intelligent Orchestration utilises technology to determine the most appropriate security tests, which includes static (SAST), dynamic (DAST), interactive (IAST), and software composition analysis (SCA), based on pre-define risk policies and changes made to an application.
As the pace and complexity of software development increases, security and development teams in all industries have recognised that integrating and automating security testing within their development toolchains and workflows is essential. However, they often find that doing this can slow development pipelines and overwhelm development teams with large volumes of testing results, many of which do not require immediate attention.
“Testing your business-critical applications for security vulnerabilities is essential, but when it comes to producing actionable results and earning developers’ trust in a DevOps environment, the tests you don’t run can be equally as important as the tests you do run,” said the director of application security for the financial services client.
“Avoiding extraneous testing cycles and prioritising the critical vulnerabilities that present the most risk to your organisation is key to embracing the benefits of DevSecOps. We worked closely with Synopsys as they developed their Intelligent Orchestration solution to address the DevSecOps bottlenecks we were grappling with.”
According to the company, Intelligent Orchestration provides; dedicated ‘continuous security’ pipeline, seamless integration with existing pipelines and development toolchains, automation for the workflow for manual or out-of-band testing activities.
“Every organisation embracing DevOps encounters friction when they integrate and automate security testing into their DevOps environments,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Automating the enforcement of application security policies across your portfolio and managing high volumes of security testing results, while trying to keep pace with the accelerating speed of development, can be a daunting task.
“These challenges are precisely what Intelligent Orchestration is designed to address. Through policy-driven intelligence, automation, and extensive integrations, Intelligent Orchestration streamlines security testing programs based on risk and continuous iteration.”