Synopsys has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q2 2023, based on an evaluation of Black Duck®, our software composition analysis (SCA) solution.
Based on an examination conducted by an independent research firm, this report evaluated the top 12 SCA providers against 32 criteria grouped into three categories.
Takeaways from the report include how the SCA providers scored against evaluation criteria such as vulnerability identification, software supply chain security, product vision, and market approach.
"A staggering 78% of codebases are open source, which leaves a majority of an application’s code at risk due to third-party sources. Application security and application development leaders rely on software composition analysis tools to deliver visibility into the security and license risk of open source and third-party libraries. SCA vendors differentiate by not only effectively finding and remediating security and license risk but also leaning into software supply chain use cases, a recent focus of governments and the private sector."
The Forrester Wave™: Software Composition Analysis, Forrester Research, Inc. | Q2 2023
Among the 12 SCA providers evaluated, Synopsys received
"Black Duck’s powerful policy engine boasts more than 40 criteria, including security risk, such as exploitability, fix availability, and reachability; license risk, such as needs review; component attributes, such as direct or transitive dependency; and operational risk, such as number of commits and contributors in the past year and component age. The policy is uniformly enforced in the IDE, pull requests, and pipeline scanning."
The Forrester Wave™: Software Composition Analysis, Forrester Research, Inc. | Q2 2023
Download the report to learn why SCA is critical to secure modern application development and how the top vendors score against evaluation criteria such as software supply chain security, policy management, remediation, and breadth of coverage.