Singapore, April 11, 2019 – Synopsys, Inc. (Nasdaq: SNPS) today announced it has been recognized as a leader in The Forrester Wave™: Software Composition Analysis, Q2 2019.
The report identifies the 10 most significant software composition analysis (SCA) providers and evaluates them against 33 criteria grouped into three high-level categories: current offering, strategy, and market presence. Synopsys’ Black Duck® SCA solution received the highest possible score in the Software Development Life Cycle (SDLC) integration, policy management, and training criteria and received the top ranking in the Market Presence category. In the report, Forrester notes that the Black Duck solution has “very strong policy management and SDLC integrations and strong proactive vulnerability management.”
“Open source software is the backbone of modern software development and a key enabler of speed, efficiency and innovation,” said Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. “But without vigilance, it can also be the conduit for risk. Through the Black Duck solution, we help our customers embrace the benefits of open source while proactively managing its inherent risk in a seamless, DevOps-friendly experience. We believe that being named a leader by Forrester validates our approach to helping the world build secure, high-quality software faster.”
In the report, Forrester explains that developers “no longer write all of their own code to solve every problem. Instead, they assemble, configure, and automate their code and often rely on common open source components to quickly add application functionality.” The report points out that “these same critical open source components continue to present a risk to businesses.” As a result, SCA has become critical to secure modern application development. Organizations should seek SCA providers that offer actionable remediation guidance, flexible policy management, and out-of-the-box risk reports that meet the needs of both developers and CISOs.
The Black Duck solution provides comprehensive software composition analysis for managing the security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers. It gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.