Today, Synopsys Inc., a leading electronic design automation company, unveiled the Black Duck Supply Chain Edition. This new software composition analysis tool aims to help organizations mitigate risks in their software supply chains by identifying and addressing vulnerabilities and threats in upstream components. The Black Duck Supply Chain Edition integrates various open-source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection capabilities. By offering insights into risks inherited from open-source, third-party, and AI-generated code, the tool enables development and security teams to track dependencies throughout the application lifecycle.
Jason Schmitt, General Manager of the Synopsys Software Integrity Group, emphasized the importance of safeguarding against supply chain attacks. He noted the necessity for constant vigilance over the diverse array of software dependencies sourced from open repositories, vendors, AI-generated code, and IT infrastructure. Schmitt highlighted the tool’s role in detecting and providing actionable insights for a range of risk factors, including known vulnerabilities, exposed secrets, and malicious code.

The Black Duck Supply Chain Edition provides a suite of features designed to enhance the security and compliance of software supply chains. It employs advanced open-source detection technologies, including package dependency, CodePrint, snippet, binary, and container analyses, to identify components across various programming languages. Additionally, the platform can import and analyze SBOMs from third-party suppliers, automating the cataloging of open-source, commercial, and custom components.
Integration with ReversingLabs’ malware detection technologies enhances post-build analyses, identifying potential threats such as suspicious files and malware. The tool also facilitates risk identification, mitigation, and compliance management by continuously monitoring for vulnerabilities, exposed secrets, and malicious packages. It assists in managing intellectual property risks and ensuring software license compliance by identifying associated licenses and providing guidance on compliance issues.

Synopsys, known for its commitment to software security, previously made headlines in March with the release of Synopsys fAST Dynamic, a dynamic application security testing offering optimized for modern web applications and DevSecOps workflows. This release complements the company’s existing capabilities on the Synopsys Polaris Software Integrity Platform, including fAST Static and fAST SCI, introduced in 2023.