Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis (SCA) solution. This offering aids organisations in mitigating upstream risks within their software supply chains.
Black Duck® Supply Chain Edition amalgamates various open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to offer a comprehensive perspective on software risks originating from open source, third-party, and AI-generated code sources.
Development and security teams can now trace dependencies throughout the application lifecycle, thereby identifying and rectifying security vulnerabilities, malicious packages, and license violations/conflicts.
Supply Chain Edition builds upon Black Duck’s leading capabilities, providing a complete set of supply chain security features to teams tasked with constructing secure, compliant applications.
Jason Schmitt, General Manager of the Synopsys Software Integrity Group, emphasises the critical importance of understanding and thoroughly scrutinising software portfolios amidst the surge in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. He says, “This requires constant vigilance over the patchwork of software dependencies that get pulled in from a variety of sources, including open source components downloaded from public repositories, commercial software packages purchased from vendors, code generated from AI coding assistants, and the containers and IT infrastructure used to deploy applications. It also requires the ability to detect and generate actionable insights for a wide range of risk factors, such as known vulnerabilities, exposed secrets, and malicious code. Black Duck Supply Chain Edition combines a suite of best-in-class capabilities to streamline these requirements and attest to the results in standardised or customised SBOM formats.”
Key features of Black Duck Supply Chain include multiple open source detection technologies, third-party SBOM import and analysis, malware detection leveraging technology from ReversingLabs, risk identification and mitigation, IP risk and license compliance management, and industry-standard SBOMs.
Black Duck® Supply Chain Edition will be available on April 25 and showcased at the RSA Conference in San Francisco at the Synopsys Software Integrity Group booth, #1027, from May 6 to 9.
