Code Dx has been recognized for its leadership in application security development. Learn how Code Dx helps build trust in your software.
Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best Application Development Security. This achievement underscores Code Dx’s leadership as an application security orchestration and correlation (ASOC) solution, providing organizations with a way to centralize and automate the most labor-intensive parts of software security: risks, triage and remediation.
“Synopsys Code Dx uniquely addresses the industry’s need for scalability in application security, working within CI/CD pipelines to consolidate and prioritize issues across the SDLC,” said Victor Ng, Editor Head of CybersecAsia. “Code Dx’s robust correlation logic can consume hundreds of siloed and varied AST tool results, eliminate duplicate and false positive results, and provide holistic insight into software business risks. Above all, Code Dx helps security and development teams reduce AppSec noise and focus their efforts on high-impact remediation activities. We congratulate Synopsys Code Dx for winning the 2021 CybersecAsia Reader’s Choice Award for Best Application Development Security.”
CybersecAsia is the leading readers’ choice awards program that recognizes cybersecurity pioneers in Asia for driving notable advancements and innovations in the industry. Backed by Asia’s most trusted source of cybersecurity information, CybersecAsia.net, the awards recognize organizations that provide solutions that can adapt to the large and complex security risks created by the increasing accessibility of applications and data.
What is Code Dx?
Code Dx is a platform that provides an efficient way to run tests, correlate results, and track fixes across a host of Application Security Testing (AST) tools. It helps organizations accelerate their existing AppSec programs by eliminating pipeline friction and vulnerability overload resulting from integrating AppSec into automated DevOps.
The key to how Code Dx improves the speed and efficiency of AppSec programs is its correlation engine, which aggregates, deduplicates and correlates results from all analysis tools – static, dynamic, commercial and open source – to create a system for recording and managing vulnerabilities. Code Dx can perform hybrid analysis, which enables the correlation of SAST and DAST/IAST results and provides visibility into how the results may be exploited by known threats, as well as the identification of test cases for those results. With Code Dx, security and DevOps teams can prioritize issues using a risk score calculated from the business criticality of affected software, exploitability, and severity of a given vulnerability.
Code Dx also helps reduce the time it takes to triage test results, one of the most time-consuming parts of the security process. Code Dx Triage Assistant uses machine learning to recommend which results to act on and which to ignore, based on previous triage decisions. It provides analysts with information about the most important results so they can filter by status or score, allowing them to focus on high-priority items and remove irrelevant results from the result set.
How does Code Dx help organizations shift security to the left and build trust in software?
Applications are becoming a prime target for cyberattacks, driving increased investment in AST tools. In a recent ESG study of application security trends, about two-thirds of respondents were already using more than a dozen AST tools. Yet 60% had encountered an exploited application security issue in the past year. But integrating so many AST tools into CI/CD toolchains and all pipelines can be a complex and time-consuming undertaking, and can increase the risk of breaking existing builds and release pipelines. Additionally, the speed of existing DevOps production cycles is often slowed down by security processes. Development teams responsible for remediation are forced to sift through an overwhelming volume of results across disparate reporting sources or custom data lakes, without being able to prioritize relevant and significant issues.
Moving security to the left requires an agile approach to performing security analysis, policy execution, and remediation workflow. When used in conjunction with Synopsys’ Intelligent Orchestration, Code Dx offers organizations a way to shift left by digitally transforming their AppSec program. Code Dx and Intelligent Orchestration work together to standardize end-to-end processes for orchestration, testing, and remediation; prioritize critical security tests and findings; and implement policies as code. Both solutions support tools and issue trackers commonly used in the DevOps framework, integrate seamlessly into your existing CI/CD pipeline, and don’t slow down development speed or break builds. These features help teams reduce security backlogs, increase team productivity, and most importantly, help organizations get the most out of their AppSec program.
“Security is often challenged to keep pace with DevOps, and the pressure to keep up with release cycles increases the risk of a breach for the organization. What enterprises need is a solution that makes security more scalable through automation. Code Dx mitigates your breach risk while helping you be faster and more agile. It correlates and prioritizes security findings in your application security testing tools,” said Geok Cheng Tan, senior sales manager at Synopsys.