Synopsys Application Security

Black Duck from Synopsys

Open source software development has gained momentum. It allows an enterprise's development teams to deliver solutions quickly, enabling them to compete better in the market. However, there is a real threat to security and legal compliance stemming from the fact that open source code may be vulnerable to hacking. Software Composition Analysis (SCA) is an application security methodology that mitigates the risk inherent in open source components. Using SCA, development teams can quickly track and analyze any open source component brought into a project.

Black Duck from Synopsys is a comprehensive SCA solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Black Duck gives users unmatched visibility into third-party code, enabling the development team to control it across the software supply chain and throughout the application life cycle. With the meteoric rise in usage of open source software, Black Duck is a key component of Synopsys’ Software Integrity Platform, the most comprehensive solution for integrating security into the SDLC and software supply chain.

Synopsys Black Duck empowers the user’s development, operations, procurement, and security teams to:

  • Find and fix security vulnerabilities at each stage in the SDLC, with detailed, vulnerability-specific remediation guidance and technical insight
  • Eliminate risk of open source license noncompliance and safeguard your intellectual property by using the industry’s largest open source knowledge base to identify which of 2,650 licenses are relevant to the open source in your applications (including code snippets from larger components)
  • Avoid development cost overruns and combat code decay with operational risk metrics associated with poor open source code quality
  • Scan virtually any software, firmware, and source code to generate a comprehensive bill of materials (BOM) of what’s inside
  • Automatically monitor for new vulnerabilities that affect your BOM, with custom policies and workflow triggers to accelerate remediation and reduce your risk exposure

Black Duck from Synopsys has been named a leader in SCA by Forrester, and DesignTech Systems is the distributor for Black Duck in India.