Synopsys provides Code Sight Standard Edition, a standalone version of the Code Sight plug-in for integrated development environments (IDEs).
This will allow developers to quickly find and fix security flaws in source code, open source dependencies, infrastructure-as-code files, etc., before committing their code. Code Sight Standard Edition leverages Synopsys’ Rapid Scan Static and Rapid Scan SCA technologies to provide fast, lightweight application security scanning within the developer’s IDE, avoiding costly rework caused by issues discovered later in the software development life cycle (SDLC).
According to Synopsys, by allowing developers to fix security flaws while they code, Code Sight Standard Edition reduces the burden on downstream security testing and minimizes costly rework to address issues discovered after developers switch to other projects.
Code Sight Standard Edition, which is currently available for the Visual Studio Code IDE, works independently of centralized security testing tools such as Coverity SAST and Black Duck SCA, which are typically used later in the SDLC.
Developers can download and install Code Sight directly from VS Code Marketplace and start analyzing their code in less than five minutes. Code Sight Standard Edition is available for free for a 30-day trial period.
“In the era of modern software development, speed is king and software risk equals business risk,” said Jason Schmitt, general manager of Synopsys Software Integrity Group. “This means that developers take on a huge responsibility in protecting their organizations and they don’t have the luxury of stopping and analyzing. Equipping them with technology that helps them write more secure code upfront can significantly reduce the time spent fixing security flaws in source and code later in the SDLC.
“However, these benefits cannot be achieved if developers are forced to change the way they work or switch from one tool to another. Code Sight is unique because it integrates industry-leading open source and code analysis technology, optimized for developers’ demands for speed, all right into the tool they already use.”