Synopsys named a leader in software composition analysis by Forrester Wave

Black Duck Software Components Analysis Earns Top Score in the "Market Share" Category and Ranks Second in "Existing Products"

Recently, Synopsys, Inc. announced that it was named a leader in the "Software Composition Analysis, Second Quarter 2023" report released by Forrester WaveTM. The report analyzes 12 highly influential vendors in the software composition analysis (SCA) market and evaluates them based on 32 criteria in three high-level categories: existing products, strategy and market share. Among 10 vendors, Synopsys' Black Duck® software composition analytics solution received the highest score in the "Market Share" category and ranked second in the "Existing Products" category.

Synopsys Black Duck® Software Composition Analysis (SCA) helps teams manage the security, quality, and license compliance risks associated with using open source and third-party code in applications and containers. The solution can also build an accurate software bill of materials (SBOM) in minutes to secure the software supply chain.

The report states: “Up to 78% of code bases are open source, leaving a large portion of an application’s code at risk due to third-party sources. Application security and application development leaders rely on software composition analysis tools to provide visibility into open source and third-party libraries. Visibility of security and licensing risks. The main differences between different SCA vendors are the ability to effectively detect security and licensing risks and take timely remediation measures, and whether there are software supply chain management use cases that are of recent concern to government and industry. focus." 

In the "Existing Products" category, Synopsys received top scores in the software bill of materials (SBOM) management and policy management standards and tied for second in the vulnerability identification standard. In the Strategy category, Synopsys received top scores for support services and product standards.

The report states: "Black Duck Software Composition Analysis' powerful policy engine features more than 40 criteria, including security risks such as exploitability, fix availability, and reachability; licensing risks such as requirements review; component attributes such as direct or transitive dependencies "

"We are honored to be recognized by Forrester as a leader in software composition analysis," said Jason Schmitt, general manager of Synopsys Software Quality and Security . "Identifying and managing risks in open source software components and the broader software supply chain is key to building trustworthy software." Key part. Black Duck SCA is one of the first products in this field and has unique advantages. Over the past two decades, the Black Duck team has continuously developed and enhanced highly differentiated technologies and open source databases to help enterprises and institutions in different industries. Protect its software supply chain."