日本シノプシス List of Products and Services

By using Synopsys' "Managed SAST," teams with limited resources and skills can easily implement static analysis and systematically identify and eliminate security vulnerabilities hidden in the source code. At the Assessment Center, you can always access a team of security testing experts equipped with tools and disciplines suited to analyze your codebase. We have resources available that can quickly adapt to changes in scale. 【Features】 ■ Reduces the risk of data leakage ■ Provides solid support until issues are resolved ■ Offers four selectable depths ■ Scalable to accommodate periods requiring extensive testing ■ Easily adaptable to changes in business requirements and evolving threats *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

The synopsis of "Managed NST" provides the necessary network test coverage to achieve your risk management goals through flexible, scalable, and low-cost testing. At the assessment center, a team of network security testing experts equipped with the appropriate skills, tools, and disciplines for analyzing your network and systems is always available. This not only eliminates testing deficiencies but also allows for scalable responses during periods requiring a large volume of testing. **Key Benefits** - Manage services through an easy-to-use on-demand portal - Resolve issues of insufficient resources for adequately testing networks and systems - Obtain high-quality NST results for various networks at any time - Receive thorough explanations of test results and support in creating suitable action plans based on your requests *For more details, please refer to the PDF materials or feel free to contact us.*

• Software (middle, driver, security, etc.)
• Other security
• Other services

By using Synopsys' "Managed DAST," teams with limited resources and skills can easily implement dynamic analysis to systematically identify and eliminate security vulnerabilities lurking in web applications and web services. Thorough result analysis, detailed report creation, and practical countermeasure guidelines are provided by combining manual-based assessments with tool-based evaluations. The dedicated security expert team continuously reviews testing methods to reflect new vulnerability information. 【Features】 ■ Identify security vulnerabilities in running web applications and reduce the risk of data leaks ■ Provide resources that can quickly respond to changes in scale ■ Choose from two levels of testing depth ■ Strong support until issues are resolved *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

By using Synopsys' Managed AST, you can achieve the application test coverage necessary to meet your risk management goals. By combining multiple testing tools, automated scans, and detailed manual testing, we can provide a more comprehensive perspective on application security assessments than ever before. Leveraging the experience and knowledge gained from conducting up to 1,000 Managed ASTs each month, our experts deliver high-value test results. 【Features】 ■ Manage services through an easy-to-use on-demand portal ■ Resolve concerns about insufficient resources for thorough application testing ■ Obtain high-quality test results for various applications at any time ■ Provide detailed explanations of test results and assist in creating suitable action plans based on your needs ■ Conduct scalable testing ■ Utilize both manual-based assessments and tool-based evaluations *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

By using Synopsys' Managed MAST, you can easily implement the analysis of client-side code, server-side code, and third-party libraries, systematically identifying and fixing security vulnerabilities in mobile applications without the need for source code. This alleviates the concern of insufficient resources for adequately testing mobile applications. We will carefully explain the test results and assist in creating suitable action plans based on your requests. 【Features】 ■ Resources that can quickly respond to changes in scale ■ Two levels of testing depth available - Managed MAST–Standard - Managed MAST–Comprehensive ■ Strong support until the issues are resolved *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

By using Synopsys' "Managed Penetration Testing," you can easily implement exploratory risk analysis and business logic testing, systematically identifying and eliminating critical vulnerabilities lurking in operational web applications and web services without the need for source code. Services can be managed through an easy-to-use on-demand portal. You can easily schedule tests, select test depth, and make changes in response to evolving business requirements or threats. 【Features】 ■ Resources that can quickly adapt to changes in scale ■ Two test depths to choose from - Managed Penetration Testing – Essential - Managed Penetration Testing – Standard ■ Comprehensive support until issues are resolved *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

The synopsis of "e-Learning" offers a results-oriented training solution from the learner's perspective, allowing easy access to security courses tailored to their needs at any time. Learners can access an intuitive platform designed to learn advanced security knowledge in a story format on demand, experiencing immersive continuous learning. This enhances developers' security competencies and contributes to the organization's compliance with security standards. 【Features】 ■ Cutting-edge learning environment design ■ Course overview introduction through animations ■ Case studies of exploits ■ In-depth technical explanations ■ Frequent checks and assessments of understanding *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Distance learning/E-learning

Synopsys supports the building of reliable software by achieving risk management related to application security, quality, and compliance at the speed required by business. It fully visualizes the risks lurking in various locations of software assets. This enables proactive risk management rather than the traditional reactive vulnerability measures, allowing organizations to focus on critical issues. 【Services to help build and optimize AppSec programs】 ■ Strategy and Planning ■ Threat and Risk Assessment ■ Open Source Auditing ■ Security Training ■ Consulting ■ Customer Success *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other analyses

"Polaris" integrates Synopsis's powerful software integrity products and services into a single, easy-to-use solution. Security and development teams can build secure, high-quality software in a shorter time frame. "Polaris Code Sight" is an IDE plugin that extends the functionality of IntelliJ, Eclipse, and Visual Studio, allowing developers to identify and fix security vulnerabilities and weaknesses within the same environment while writing code. 【Features】 ■ Fix security flaws while writing code ■ Fully visualize application security risks ■ Automate security checks for applications throughout the SDLC ■ Developer training to support the creation of more secure applications ■ Simple implementation and management, regardless of scale *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security

"Intelligent Orchestration" offers a customized AppSec pipeline that automates security testing not only at certain stages of the software development lifecycle but throughout the entire process. Based on the importance of code changes, total risk scores, and the organization's unique security policies, appropriate security tools are automatically executed. Even in large enterprise environments, it becomes easy to apply security processes and policies across all applications throughout the organization. 【Features】 ■ Only information regarding high-priority vulnerabilities is presented to developers based on the organization's security policies. ■ Users can set feedback after scanning. ■ You can define and customize how weights are assigned to the criteria for calculating the total risk score. *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security

PCI DSS is a data security standard applicable to all entities involved in payment card processing, including retailers, financial institutions, POS vendors, and hardware/software developers engaged in the development and operation of payment processing infrastructure. The static analysis tool 'Coverity' identifies critical quality defects and potential security vulnerabilities early in the software development lifecycle. By providing developers with reliable and specific remediation guidance, it contributes to risk reduction and overall project cost savings. 【PCI DSS Compliance Requirements (6 Groups)】 ■ Build and maintain a secure network and systems ■ Protect cardholder data ■ Maintain a vulnerability management program ■ Implement strong access control measures ■ Regularly monitor and test networks ■ Maintain an information security policy *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other analyses

Coverity combines speed, ease of use, accuracy, compliance with industry standards, and scalability to support the development of high-quality and secure applications. It can identify critical quality defects and security vulnerabilities early in the coding phase of the development process, minimizing the effort and cost of fixes. Additionally, through e-learning, developers without security expertise can quickly understand how to address high-priority issues. 【Features】 ■ Fast and high-precision analysis ■ Comprehensive reporting and compliance visualization ■ Scalability and agility suitable for enterprise environments ■ Integration with the Software Development Life Cycle (SDLC) ■ Centralized management of issues through dashboards ■ Enhanced standard compliance and vulnerability detection *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other analyses

"Code Sight" is an IDE-based application security solution. It allows you to detect and fix security issues without switching tools while coding, so it does not disrupt your workflow. Additionally, it operates at extremely high speed and can instantly analyze large codebases. The detailed remediation guidance displayed directly within the IDE not only aids in the rapid resolution of issues but also contributes to long-term improvements in coding quality. 【Features of Code Sight Standard Edition】 ■ Automatically scans and analyzes source code and IaC files in progress ■ Detected issues are directly highlighted in the editor window, making identification easy ■ Vulnerability descriptions and CVE or BDSA IDs are displayed directly within the IDE ■ Severity information based on CVSS scores makes prioritizing fixes easier *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security

"Code Dx" is an Application Vulnerability Correlation (AVC) solution that centralizes AppSec data and provides actionable insights. It supports integration with over 100 developer and application security testing tools. It is capable of prioritizing test results based on risk and providing manageable reports. This allows for complete visibility of risks across all software assets of an organization from a central console. 【Features】 ■ Customizable and extensible correlation rules ■ Triage Assistant that automatically prioritizes based on machine learning ■ Compliance with over 20 types of compliance standards ■ Full bidirectional integration with the bug tracking tool Jira ■ Built-in support for 16 types of open-source testing tools *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security

Black Duck Software Composition Analysis (SCA) offers two editions: "Security Edition" and "Professional Edition," both available for immediate use. Both editions allow for the additional integration of "Black Duck Binary Analysis" and cryptographic modules. This enhances visibility into the risk status of applications and enables more robust management of open source and third-party software usage. 【Features】 <Black Duck Security Edition> ■ Automatically monitors for new vulnerabilities in open source components registered in the BOM ■ Automatically generates Notice files with copyright notices ■ Allows for the definition of custom policies that can be automatically applied in Black Duck ■ Quickly analyzes vulnerabilities and policy violations in open source dependencies *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other analyses

"Black Duck Audit" provides the necessary information to quickly diagnose various risks lurking in the software of the acquired company or your own. It detects various risks that affect the value of software assets, including open source license mismatches and security vulnerabilities. It visualizes whether the overall software quality and management of software development are satisfactory. 【Features】 <Open Source/Third-Party Software Audit> ■ Open Source/Third-Party Code Audit ■ Open Source Risk Assessment ■ Web Service and API Risk Audit *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other services

"Black Duck Binary Analysis" is a Software Composition Analysis (SCA) solution aimed at the continuous management of risks associated with modern complex software supply chains. It visualizes the composition of commercial applications, vendor-provided binaries, and other third-party software. It strongly supports procurement, operations, and development teams. 【Features】 ■ Generates a complete Software Bill of Materials (BoM) in a short time ■ Identifies known security vulnerabilities, related licenses, and code quality risks ■ Analyzes binary code instead of source code ■ User-friendly dashboard ■ Takes security a step further *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security
• Other analyses

The subscription for "3D Managed Application Security Testing (AST)" allows access to all types of managed AST at a single price with one annual subscription. It covers the scope of testing applications and networks necessary to achieve risk management objectives. You can change the application or external network being tested, as well as the type and depth of the assessment (one test at a time). 【Features】 ■ Tests applications and networks that may not be testable due to resource constraints ■ Consistently provides high-quality test results at any time ■ Assists in developing a remediation plan suitable for customer needs ■ Offers scalable testing through the assessment center without hindering manual reviews *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security

The fuzzing test "Defensics" is a comprehensive and powerful automated black box solution that effectively and efficiently detects and fixes software security vulnerabilities. By incorporating a systematic and intelligent approach to negative testing, it enables the coexistence of product innovation and software security without impacting time-to-market schedules or operational costs. It features a logical user interface, allowing users to easily perform advanced fuzzing tests simply by following on-screen instructions. 【Features】 ■ Intelligent fuzzing engine ■ Comprehensive fuzzing solution ■ Adaptable to various development lifecycles ■ Supports efficient fixes with reports containing a large amount of detailed data ■ Scalable fuzzing tests through automation *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)

"Black Duck" is a comprehensive solution for managing the risks of security, license compliance, and code quality that arise when using open source in applications and containers. Certified as a leader in Software Composition Analysis (SCA) by Forrester. Maximizes visibility of third-party code and manages it across the entire software supply chain and throughout the application lifecycle. 【Features】 ■ Improved accuracy and efficiency of analysis ■ Rapid detection and remediation of vulnerabilities ■ Automatic enforcement of security and usage policies ■ Identification of open source risks even without source code *For more details, please refer to the PDF document or feel free to contact us.

• Software (middle, driver, security, etc.)
• Other security and surveillance systems
• Document and Data Management

The interactive application security testing (IAST) solution "Seeker" from Synopsis maximizes the visibility of the security status of web applications and identifies vulnerability trends in relation to compliance standards such as OWASP Top 10, PCIDSS, GDPR, and CAPEC. It also has the capability to identify sensitive data and track whether it is being handled securely, preventing this information from being stored in log files or databases that are not protected by strong encryption. Since it can be seamlessly integrated into CI/CD workflows, IAST security testing can be executed quickly at the speed of DevOps. 【Features】 ■ Equipped with active verification capabilities ■ Easy from implementation to operation ■ Provides a clear overview of web application URL detection and coverage ■ Tracking of sensitive data ■ Achieves high scores on OWASP benchmarks *For more details, please refer to the PDF document or feel free to contact us.

• Other security
• Software (middle, driver, security, etc.)
• Other security and surveillance systems

Coverity combines speed, ease of use, accuracy, compliance with industry standards, and scalability to support the development of high-quality and secure applications. Coverity can identify critical quality defects and security vulnerabilities early in the development process during coding, minimizing the effort and cost of fixing them. With accurate and specific remediation advice, along with context-sensitive e-learning, developers without security expertise can quickly understand how to address high-priority issues. Coverity seamlessly integrates automated security testing into CI/CD pipelines, supporting existing development tools and workflows. Additionally, Coverity can be deployed as a cloud-based Polaris Software Integrity Platform, providing a scalable application security platform not only on-premises but also in a SaaS model, depending on the development location and style. Coverity supports 22 languages and over 70 frameworks and templates.

• Other security