In a recent announcement, Synopsys, Inc. has been acknowledged as a leader in The Forrester Wave™: Software Composition Analysis, Q2 2023. This report, which identifies the top 12 vendors in the software composition analysis (SCA) market, evaluated them based on 32 criteria grouped into three categories: current offering, strategy, and market presence. Synopsys’ Black Duck® SCA solution received exceptional scores, securing a prominent position.
The report highlights the significance of software composition analysis tools, as a staggering 78% of codebases consist of open-source components, leaving applications susceptible to risks from third-party sources. Application security and development leaders rely on SCA solutions to gain visibility into security and license risks associated with open-source and third-party libraries. SCA vendors distinguish themselves not only by effectively identifying and remediating security and license risks but also by addressing software supply chain use cases, a growing focus of both governments and the private sector.
Synopsys’ Black Duck® SCA solution excelled in the current offering category, achieving the highest scores in software bill of materials (SBOM) management and policy management, while ranking second in vulnerability identification. In the strategy category, Synopsys received the highest possible score for supporting services and offerings.
The report highlights the power of Black Duck’s policy engine, which encompasses more than 40 criteria covering security risk, license risk, component attributes, and operational risk. The policy is consistently enforced across integrated development environments (IDEs), pull requests, and pipeline scanning.
Jason Schmitt, the general manager of the Synopsys Software Integrity Group, expressed gratitude for the recognition, stating, “Identifying and managing risk in open-source software components and the broader software supply chain is a critical part of building trust in your software.” Schmitt emphasized Synopsys’ pioneering role in software composition analysis and the unmatched capabilities of Black Duck SCA, a solution backed by decades of technological advancements and an extensive open-source database. This places Black Duck SCA in a unique position to assist organizations across various industries in securing their software supply chains.
14 June 2023