As a result of a demanding market, developers have often forgone security for speed, with security teams typically tagged on at the very end of the development lifecycle. This, however, is an unsustainable, if not unacceptable, stance in today’s environment. The future requires organisations to integrate security from the beginning, when the application is built. They need to be able to adapt efficiently to protect new architectures as well as consistently improve on performance. Those who succeed in doing so stand to thrive, while others will likely fall by the wayside.

In order to determine which organisations stand out amongst the pack, Forrester has pulled together 28 criteria in three high-level categories: current offering, strategy, and market presence. The report specifically advises readers to “look for SAST (static application security testing) solutions that overlay the CI/CD pipeline through out-of-the-box-integrations with popular IDEs, build tools, and code repositories. In addition, seek solutions that provide actionable remediation guidance, with code samples and interactive training reachable through the developer’s toolset.”

In the Forrester Wave Q1 2021 report released this month, of the twelve SAST providers evaluated, Synopsys’ Coverity SAST solution received the highest score and ranked in the top three in the strategy category. Within the current offering category, Synopsys received the top score in the software development lifecycle integration criterion and the highest score possible in the remediation guidance and education criterion. Within the strategy category, Synopsys received the highest scores possible in three of the five criteria: product vision, market approach, and planned enhancements. The Forrester report notes that “Synopsys is a good fit for firms looking for a strong SAST solution that is also part of an overall AST platform.”

“We’re proud to be recognized by Forrester as a leader in the SAST market,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “As one of the foundational solutions in our broad application security testing portfolio, Coverity has not only continued to deliver the value security teams expect from an enterprise SAST tool — but it has also evolved to address emerging use cases, such as enabling frictionless experience for developers and supporting the increasingly diverse ecosystem of toolchains, programming languages, and architectures.”




The post Findings of the Forrester Wave SAST 2021 Report appeared first on IT Security Guru.