Synopsys Software Risk Manager Simplifies Enterprise-Scale Application Security Testing

Synopsys, Inc is launching the Synopsys Software Risk Manager platform, a powerful new application security posture management (ASPM) solution that enables security and development teams to simplify, align, and streamline their application security testing across projects, teams, and application security testing (AST) tools.

The solution aligns intelligent policy-driven orchestration and vulnerability management capabilities with the Synopsys Software Integrity Group’s SAST and SCA engines, with broad support for other open-source and commercial AST tools. In combination, Synopsys’ ASPM solution delivers an enhanced ability to implement application security consistently across any organization, according to the vendor.

“Application security programs need to be effective and efficient at reducing software risk in order to deliver value,” said Jason Schmitt, general manager of Synopsys’ Software Integrity Group. “Many organizations embracing digital transformation are struggling with the complexity and operational costs of managing their software risk at scale. Synopsys Software Risk Manager provides teams with a holistic view of their application security posture while accelerating time to value and reducing the overall cost of their AppSec programs.”

Software Risk Manager is built on the core technologies of Synopsys’ Code Dx and Intelligent Orchestration products, redesigned and enhanced to deliver a comprehensive ASPM solution that enables teams to:

  • Implement policy driven AppSec at scale. Centrally define and enforce universal security policies which specify parameters for test execution and vulnerability management.
  • Unify user experience across disparate application security testing tools. Maximize the value of existing security investments while simplifying resourcing and operations. Improve ability to transition and consolidate tooling across teams.
  • Consolidate vulnerability reporting and management across projects, teams, and tools. Obtain a complete picture of security risks that are normalized, deduplicated, and prioritized across tools.
  • Simplify AppSec integration and orchestration in development workflows. Integrate security workflows within existing developer toolchains and systems and enable quick onboarding for existing projects and builds.
  • Optimize core application security testing with a single, unified solution. Efficiently deploy, manage and report on core application security testing functions leveraging the same market-leading SAST and SCA engines that power Synopsys’ Coverity and Black Duck offerings.

For more information about this release, visit