Synopsys Named a Leader in Software Composition Analysis by Independent Research Firm


Editor’s brief: Leading software security vendor Synopsys’ Software Integrity Group has been named as a leader in the latest Forrester Wave: Software Composition Analysis, Q2 2023 Report. Read more below.

SINGAPORE – Synopsys, Inc. (Nasdaq: SNPS) today announced that it has been named a leader in The Forrester Wave™: Software Composition Analysis, Q2 2023. The report evaluates the 12 most significant software composition analysis (SCA) providers against 32 criteria grouped into three high-level categories: current offering, strategy, and market presence. Synopsys’ Black Duck® SCA solution scored highly in the market presence category and received the second-highest score in the current offering category.

The report states: “A staggering 78% of codebases are open source, which leaves a majority of an application’s code at risk due to third-party sources. Application security and application development leaders rely on software composition analysis tools to deliver visibility into the security and license risk of open source and third-party libraries. SCA vendors differentiate by not only effectively finding and remediating security and license risk but also leaning into software supply chain use cases, a recent focus of governments and the private sector. Black Duck’s powerful policy engine boasts more than 40 criteria, including security risk, such as exploitability, fix availability, and reachability; license risk, such as needs review; component attributes, such as direct or transitive dependency; and operational risk, such as number of commits and contributors in the past year and component age.”

In the current offering category, Synopsys received the highest scores in the SBOM (software bill of materials) management and policy management criteria and tied for second in the vulnerability discovery criterion. In the strategy category, Synopsys received the highest score in the supporting services and offerings criterion.

“We’re honored to be recognised by Forrester as a leader in this evaluation,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Identifying and managing risk in open source software components and the broader software supply chain is a critical part of building trust in your software. As a pioneer in software composition analysis with highly differentiated technology and an open source database that has been developed and enhanced over the past two decades, Black Duck SCA is uniquely positioned to help organisations across all industries secure their software supply chains.”