Black Duck® announced today that it has been recognised as a leader in The Forrester Wave™: Software Composition Analysis, Q4 2024. This comprehensive report highlights the 10 most significant vendors in the Software Composition Analysis (SCA) market, assessing them on 25 criteria within two main categories: current offerings and strategic direction. Black Duck achieved the highest possible scores in nine of these criteria, ranking second overall in the current offering category.
According to the report: “A notable 77% of codebases are composed of open-source software, presenting significant risk from third-party sources. Application security and development leaders rely on SCA tools to address security vulnerabilities and licensing issues inherent in open-source and third-party libraries. SCA providers differentiate themselves by proactively managing software supply chain risks while ensuring security and licensing compliance.”
Within the current offering category, Black Duck received the highest possible scores in critical areas, including:
– Component Identification & Analysis
– License Detection, Analysis, & Guidance
– Risk Intelligence
– SBOM Generation, Export, and Sharing
– SBOM Ingestion and Analysis
– Policy Management
– Language Support
In the strategy category, Black Duck earned top marks for:
– Innovation
– Supporting Services and Offerings
The report further states: “Black Duck Software provides robust analysis of open-source, third-party, and proprietary code, excelling in vulnerability, licensing, and copyright detection. Its SBOM management, generation, export, and analysis capabilities rank among the best. Policy management is particularly strong, with over 40 criteria covering operational health, license risk, and security risk.”
“We’re honored by Forrester’s recognition as a leader so soon after launching Black Duck as an independent entity,” said Jason Schmitt, CEO of Black Duck. “Mitigating risk in open-source components and the broader software supply chain is essential to building trust in software. As a pioneer in software composition analysis, supported by a distinguished technology and open-source database refined over decades, Black Duck SCA is uniquely positioned to empower organisations across industries in securing their software supply chains.”