Synopsys Buys Code Dx
June 9, 2021
has acquired Code Dx, a provider of an application security risk management
solution that automates and accelerates the discovery, prioritization, and
remediation of software vulnerabilities. The addition of Code Dx enables
Synopsys to offer customers consolidated risk reporting and prioritization
across correlated software vulnerability data produced by Synopsys solutions and
more than 75 third-party and open source application security and development
products. Headquartered in Northport, New York, the acquisition also adds a team
of R&D engineers experienced in vulnerability correlation and integrating
security testing activity across the entire software development pipeline.
The terms of the deal, which are not material to Synopsys' financials, are not
Prior to the acquisition, Code Dx was a valued member of the Synopsys Technology
Alliance Partner (TAP) program. As part of that partnership, Synopsys has worked
closely with Code Dx to support their integrations within the Synopsys product
portfolio. As a result, customers can use Code Dx's offering in conjunction with
Synopsys products immediately.
Synopsys provides the broadest portfolio of application security solutions in
the industry, including static, dynamic, and interactive application security
testing and software composition analysis. The recently introduced Synopsys
Intelligent Orchestration solution uses innovative technology to automatically
determine and initiate the most appropriate security tests using Synopsys and
third-party products based on pre-defined risk policies and changes made to an
application. Code Dx complements and extends these solutions by aggregating and
correlating security testing results from Synopsys products, third-party
products, and open-source products across the pipeline to provide consolidated
risk reporting and facilitate prioritized remediation efforts.
"The complexity and speed of modern software development requires the use of
multiple security testing technologies and rapid testing cycles," said Jason
Schmitt, general manager of the Synopsys Software Integrity Group. "While robust
security testing is vital to securing modern software, it often produces large
amounts of vulnerability data that is difficult to manage at speed and at scale.
Code Dx enables our customers to optimize and harness the breadth of our
application security portfolio, along with third-party tools, by aggregating,
correlating, and prioritizing security testing results based on risk."
The addition of Code Dx makes Synopsys the first vendor to provide the full
spectrum of application security tools and services, including:
complete suite of industry-leading security testing tools
An intelligent orchestration engine that automatically determines and initiates
the appropriate tests for each step in the DevOps workflow
An aggregation, correlation, and prioritization solution for the vulnerabilities
identified during testing
Consolidated application security risk reporting across any commercial and
open-source application security solutions
Consulting and managed services to align people, process, and technology and
address application security risks holistically
The extensibility of Synopsys Intelligent Orchestration and Code Dx enables
organizations to build more efficient and effective testing programs while
leveraging their current investments in application security testing tools.