Synopsys Named a Leader in the 2022 Gartner Magic Quadrant for Application Security Testing for the Sixth Year

Monday, April 25, 2022

In the 2022 Gartner® Magic Quadrant™ for Application Security Testing, Synopsys placed highest and farthest right for the fourth consecutive year for our Ability to Execute and our Completeness of Vision.

What does it take to be a leader?

Leadership is a funny thing. It’s often difficult to define in the abstract but easy to identify in practice. At Synopsys, we believe leadership comes from dedication and devotion to a purpose beyond ourselves. It’s an approach we take seriously and apply on behalf of our customers every day. In our case, that means helping organizations build trust in their software by enabling them to manage application security, quality, and compliance risks at the speed their business demands.

For the sixth consecutive year, Gartner has positioned Synopsys as a Leader in the Magic Quadrant for Application Security Testing (AST). And for the fourth consecutive year, Synopsys is placed highest and farthest right for our Ability to Execute and our Completeness of Vision.

We believe this continued recognition from Gartner reflects our commitment to building trust in software and to helping our customers succeed by bridging the gap between development and security and enabling their developers to move faster—and, ultimately, to protect their bottom lines by managing software risk.

Software risk is business risk

For our customers, speed to market is the name of the game—but so are reliability, security, and trust. Whether they are selling software directly or relying on it to run their operations, our customers’ ability to innovate and deliver value is powered by secure, reliable software.

We continue to invest heavily in ensuring that our customers can deliver software their users trust.

Last June, we acquired Code Dx®, the provider of an award-winning application security risk management solution that automates and accelerates the aggregation, correlation, deduplication, and prioritization of software vulnerabilities from Synopsys and third-party vendors alike. Code Dx provides consolidated risk reporting that creates a system of record for security testing and enables actionable insight into software risk across the organization.

Last July, Synopsys announced the availability of new rapid scan capabilities within Coverity® static application security testing (SAST) and Black Duck® software composition analysis (SCA) solutions. The rapid scan features provide fast, lightweight vulnerability detection for both proprietary and open source code, and they are optimized for the early stages of the software development life cycle (SDLC), particularly for cloud-native applications and infrastructure-as-code (IaC) files.

Last October, we also enhanced Black Duck to address customers’ emerging needs around securing their software supply chains. The enhancements enable Black Duck customers to produce a software Bill of Materials in the standardized SPDX 2.2 format approved by the National Institute of Standards and Technology, a necessary capability for software vendors to comply with Executive Order 14028.

In February of this year, Synopsys announced the general availability of Code Sight™ Standard Edition, a standalone version of the Code Sight plugin for integrated development environments. The new version enables developers to find and fix security defects quickly in source code, open source dependencies, and IaC files, before committing their code.

Ushering in a new generation of AppSec

These investments are a continuation and evolution of traditional application security (AppSec). They are enabling a new generation of AppSec, one that provides intelligent, context-aware risk management.

We believe that the future of trusted software isn’t based solely on integrating and automating AST tools. It’s about intelligently running the right tests at the right time and giving teams the ability to focus on the issues that matter most to their business. This is the genesis behind our Intelligent Orchestration solution, which we launched last spring. Intelligent Orchestration runs only the tests our customers need, when they need them, and then filters results based on risk, so their developers can achieve maximal impact at minimal cost.

Industry-leading portfolio of products and services

Underlying our innovation and focus on next-gen AppSec solutions is our comprehensive suite of security tools and services.

The strength of our portfolio comes through in two dimensions.

  • Our portfolio is the most comprehensive in the market, supplementing the foundational elements of SAST (Coverity), DAST/IAST (Seeker®), and SCA (Black Duck) with unique offerings such as Defensics® protocol fuzzing, Synopsys API Scanner, and now Code Sight.
  • Each tool stands on its own as a market leader in its functional area. For example, Coverity and Black Duck are Leaders in The Forrester Wave™ reports for SAST and SCA, respectively.

What’s next?

Synopsys is more committed than ever to helping our customers succeed in building trust in their software at the speed their business demands, so they can turn software security from a productivity inhibitor into a business enabler and competitive advantage.

We will continue to provide market-leading solutions that enable our customers to address the security of everything that goes into their software, decrease risk without jeopardizing their digital transformations or delaying their product releases, and align their people, processes, and technology to address software risk across their organizations and at every stage of their development life cycles.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

This post was originally published in

To learn more about Coverity, Black Duck and Code Dx, contact Lexington Soft to schedule a demo.