The requirements are in such a place where the customers want to do a continuous assessment of their applications. The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it. Then, we looked at the customer environment, different use cases, the client, and all those kinds of things. We started scanning a few of their applications, getting results, some eye-openers, and identifying critical assets. It's a continuous process, a three-year project, involving continuous security assessment across more than 300 applications. So, my tool, Code Dx, scans all these different applications, revealing design reserves, and it's part of a continuous improvement plan.
Find out what your peers are saying about Black Duck, Veracode, PortSwigger and others in Static Application Security Testing (SAST). Updated: May 2026.
Static Application Security Testing provides tools to identify vulnerabilities in code early in the development cycle, improving security and minimizing risk exposure. SAST focuses on analyzing source code, binaries, or bytecode to detect issues like SQL injection, buffer overflows, and cross-site scripting. This proactive approach enables developers to remediate potential security flaws before applications are deployed. The solution integrates seamlessly with existing CI/CD pipelines,...