Case Study: ZPE Systems achieves industry-leading security and a notable reduction in CVEs with Synopsys application security testing

The Nodegrid OS and ZPE Cloud achieve the industry’s highest security level with Synopsys

ZPE Systems, a leader in out-of-band management and critical infrastructure automation trusted by six of the top ten global tech companies, faced the challenge of securing complex software across the entire development lifecycle. Their platform blends proprietary, open source, and third‑party components (including embedded firmware), making supply‑chain visibility and timely patching difficult—average fixes can take more than 205 days—so ZPE needed a way to identify and address vulnerabilities even when source code wasn’t available.

ZPE implemented a layered application security testing strategy with Synopsys—using Coverity for SAST integrated into CI/CD, WhiteHat Dynamic for continuous DAST, and Black Duck (including Binary Analysis) to generate SBOMs and detect supply‑chain risks. This comprehensive approach reduced CVEs on deployed systems, improved prioritization and remediation speed, and helped shrink the company’s attack surface, reinforcing ZPE’s position as a trusted, security‑conscious partner for critical infrastructure automation.

ZPE Systems

Koroush Saraf

Vice President of Product Management