Synopsys has announced it has been recognised as a leader in The Forrester Wave: Software Composition Analysis, Q2 2023. The report identifies the 12 most significant vendors in the software composition analysis (SCA) market and evaluates them against 32 criteria grouped into three high-level categories: current offering, strategy, and market presence.
Synopsys’ Black Duck SCA solution received among the highest scores in the market presence category and ranked second in the current offering category.
The report states: “A staggering 78% of codebases are open source, which leaves a majority of an application’s code at risk due to third-party sources. Application security and application development leaders rely on software composition analysis tools to deliver visibility into the security and license risk of open source and third-party libraries.
“SCA vendors differentiate by not only effectively finding and remediating security and license risk but also leaning into software supply chain use cases, a recent focus of governments and the private sector.”
Within the current offering category, Synopsys received the highest scores possible in the SBOM (software bill of materials) management and policy management criteria and tied for the second highest score in the vulnerability identification criterion. Within the strategy category, Synopsys received the highest score possible in the supporting services and offerings criterion.
According to the report, “Black Duck’s powerful policy engine boasts more than 40 criteria, including security risk, such as exploitability, fix availability, and reachability; license risk, such as needs review; component attributes, such as direct or transitive dependency; and operational risk, such as number of commits and contributors in the past year and component age. The policy is uniformly enforced in the IDE, pull requests, and pipeline scanning.”
“We’re honoured to be recognised by Forrester as a leader in this evaluation,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Identifying and managing risk in open source software components and the broader software supply chain is a critical part of building trust in your software.
“As a pioneer in software composition analysis with highly differentiated technology and an open source database that has been developed and enhanced over the past two decades, Black Duck SCA is uniquely positioned to help organisations across all industries secure their software supply chains.”