Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution.
This offering aids organisations in mitigating upstream risks within their software supply chains.
Black Duck® Supply Chain Edition amalgamates various open source detection technologies, automated third-party software bill of materials analysis, and malware detection to offer a comprehensive perspective on software risks originating from open source, third-party, and AI-generated code sources.
Development and security teams can now trace dependencies throughout the application lifecycle, thereby identifying and rectifying security vulnerabilities, malicious packages, and license violations/conflicts.
Supply Chain Edition builds upon Black Duck's leading capabilities, providing a complete set of supply chain security features to teams tasked with constructing secure, compliant applications.
Jason Schmitt, General Manager of the Synopsys Software Integrity Group, emphasises the critical importance of understanding and thoroughly scrutinising software portfolios amidst the surge in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components.
Key features of Black Duck® Supply Chain Edition include multiple open source detection technologies, third-party SBOM import and analysis, malware detection leveraging technology from ReversingLabs, risk identification and mitigation, IP risk and license compliance management, and industry-standard SBOMs.
Black Duck® Supply Chain Edition will be available on April 25 and showcased at the RSA Conference in San Francisco at the Synopsys Software Integrity Group booth, #1027, from May 6 to 9.
This Cyber News was published on www.itsecurityguru.org. Publication date: Tue, 09 Apr 2024 14:43:05 +0000