CyberSecurity SEE

Synopsys Acknowledged as a Leader in Software Composition Analysis by Independent Research Firm

Synopsys, Inc. has once again proven its dominance in the software composition analysis (SCA) market as it is recognized as a leader in The Forrester Wave™: Software Composition Analysis, Q2 2023. This prestigious report evaluates the top 12 vendors in the SCA market based on 32 criteria categorized into current offering, strategy, and market presence.

According to the report, a significant 78% of codebases are open source, leaving a majority of an application’s code exposed to risk from third-party sources. To mitigate this risk, application security and application development leaders rely on software composition analysis tools to gain visibility into the security and license risks associated with open source and third-party libraries. SCA vendors differentiate themselves by effectively identifying and remediating security and license risks, as well as embracing software supply chain use cases, which have become a recent focus of governments and the private sector.

Among the evaluated vendors, Synopsys’ Black Duck® SCA solution received high scores in the market presence category and ranked second in the current offering category. This recognition is a testament to Synopsys’ commitment to providing top-notch SCA solutions.

In terms of current offering, Synopsys excelled in SBOM (software bill of materials) management, policy management, and vulnerability identification. The company received the highest scores possible in SBOM management and policy management criteria and tied for the second highest score in vulnerability identification. These areas are crucial in ensuring the security and integrity of software components.

Synopsys’ strategy category performance was equally impressive, with the company receiving the highest score possible in supporting services and offerings. This highlights Synopsys’ dedication to providing comprehensive solutions that go beyond traditional SCA capabilities.

The report specifically applauds Black Duck’s policy engine, which boasts more than 40 criteria covering a wide range of risks such as security, license, component attributes, and operational risks. This powerful engine ensures that policies are consistently enforced throughout the software development process, including IDE, pull requests, and pipeline scanning.

Jason Schmitt, the general manager of the Synopsys Software Integrity Group, expressed his gratitude for being recognized as a leader in the evaluation by Forrester. He emphasized the importance of identifying and managing risks associated with open source software components and software supply chains in building trust in software. With its extensive experience in software composition analysis and an open source database developed and enhanced over the past two decades, Black Duck SCA is well-positioned to assist organizations in all industries in securing their software supply chains.

Organizations looking to explore the insights provided by the Forrester report can now download a complimentary copy of The Forrester Wave™: Software Composition Analysis, Q2 2023 from Synopsys’ website.

Overall, Synopsys’ recognition as a leader in the SCA market once again highlights its commitment to delivering innovative and effective solutions that enable organizations to safeguard their software assets and mitigate risks associated with open source and third-party libraries. With the increasing dependence on software in various industries, it is crucial for companies to prioritize security and risk management, and Synopsys’ SCA solutions are a valuable asset in that regard.
