Synopsys Upgrades Polaris Platform
February 13, 2020
Synopsys introduced a major update to the Polaris Software Integrity Platform to extend its static application security testing (SAST) and software composition analysis (SCA) capabilities to the developer's desktop through the native integration of the Code Sight™ IDE plugin. These capabilities, the first of their kind, will enable developers to proactively find and fix both security weaknesses in proprietary code and known vulnerabilities in open source dependencies simultaneously, without leaving their integrated development environment (IDE).
With the new SCA capabilities, developers can review known vulnerabilities of flagged components to verify the risk and determine remediation options, all without leaving the IDE.
The Code Sight plugin provides vulnerability information from Black Duck Security Advisories (BDSAs), researched by Synopsys, as well as public CVE records from the National Vulnerability Database (NVD).
The Code Sight plugin also helps developers quickly identify and select the best fix for vulnerabilities by providing detailed remediation guidance, directing them to more secure component versions. Developers can then implement fixes at once, without interrupting their workflow or leaving the IDE.
In addition to vulnerability information, the Code Sight plugin provides other information developers can use to optimize component selection, including open source license risks and potential security and license compliance violations of the organization's predefined open source policies.