industry news
Subscribe Now

Synopsys Launches New Offering for Comprehensive Software Supply Chain Security

Black Duck Supply Chain Edition addresses vulnerabilities, license conflicts, and malicious code across open source and commercial dependencies as well as AI-generated code.

SUNNYVALE, Calif., April 9, 2024 /PRNewswire/ — Synopsys, Inc. (Nasdaq: SNPS) today announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains. Black Duck Supply Chain Edition combines multiple open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to provide a comprehensive view of software risks inherited from open source, third-party, and AI-generated code. Development and security teams can track their dependencies across the entire application lifecycle to identify and resolve security vulnerabilities, malicious packages, and license violations and conflicts.

Supply Chain Edition builds on the market-leading capabilities of Black Duck and delivers a full range of supply chain security capabilities to teams responsible for building secure, compliant applications.

“With the rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components, it’s critical for organizations to understand and thoroughly scrutinize the composition of their software portfolios,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “This requires constant vigilance over the patchwork of software dependencies that get pulled in from a variety of sources, including open source components downloaded from public repositories, commercial software packages purchased from vendors, code generated from AI coding assistants, and the containers and IT infrastructure used to deploy applications. It also requires the ability to detect and generate actionable insights for a wide range of risk factors such as known vulnerabilities, exposed secrets, and malicious code. Black Duck Supply Chain Edition combines a suite of best-in-class capabilities to streamline these requirements and attest to the results in standardized or customized SBOM formats.”

Key features of Black Duck Supply Chain include:

  • Multiple open source detection technologies. Accurately identify open source components across any programming language using the most comprehensive combination of software analysis technologies, including package dependency, CodePrint™, snippet, binary, and container analysis.
  • Third-party SBOM import and analysis. Import SBOMs from third-party software suppliers and automatically catalogue the open source, commercial, and custom components contained in them.
  • Malware detection (leveraging technology from ReversingLabs)Perform post-build analyses to detect the presence of malware, such as suspicious files, potentially unwanted applications, protest-ware, and suspicious file structures.
  • Risk identification and mitigation. Continuously monitor for open source vulnerabilities, exposed secrets, malware, and malicious packages in both the SBOMs you generate as well as those you import.
  • IP risk and license compliance management. Automatically identify software licenses associated with your dependencies and receive guidance on obligations or conflicts with how the application is licensed, deployed, and distributed. Analyze AI-generated code to identify hidden open source snippets that may be subject to copyright or license obligations.
  • Industry standard SBOMs. Export SBOMs containing all open source, custom, and commercial dependencies, in SPDX or CycloneDX formats, to align with customer, industry, or regulatory requirements. Leverage out of the box templates to meet the appropriate level of sharing detail specified by your downstream customers.

Black Duck Supply Chain Edition will be generally available on April 25 and showcased May 6-9 at the RSA Conference in San Francisco at the Synopsys Software Integrity Group booth, #1027.

For more information, visit our website or read the detailed blog post.

About the Synopsys Software Integrity Group
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software. Learn more at www.synopsys.com/software.

About Synopsys
Catalyzing the era of pervasive intelligence, Synopsys, Inc. (Nasdaq: SNPS) delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation. We partner closely with semiconductor and systems customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow.  Learn more at www.synopsys.com.

Leave a Reply

featured blogs
Dec 19, 2024
Explore Concurrent Multiprotocol and examine the distinctions between CMP single channel, CMP with concurrent listening, and CMP with BLE Dynamic Multiprotocol....
Dec 24, 2024
Going to the supermarket? If so, you need to watch this video on 'Why the Other Line is Likely to Move Faster' (a.k.a. 'Queuing Theory for the Holiday Season')....

Libby's Lab

Libby's Lab - Scopes Out Silicon Labs EFRxG22 Development Tools

Sponsored by Mouser Electronics and Silicon Labs

Join Libby in this episode of “Libby’s Lab” as she explores the Silicon Labs EFR32xG22 Development Tools, available at Mouser.com! These versatile tools are perfect for engineers developing wireless applications with Bluetooth®, Zigbee®, or proprietary protocols. Designed for energy efficiency and ease of use, the starter kit simplifies development for IoT, smart home, and industrial devices. From low-power IoT projects to fitness trackers and medical devices, these tools offer multi-protocol support, reliable performance, and hassle-free setup. Watch as Libby and Demo dive into how these tools can bring wireless projects to life. Keep your circuits charged and your ideas sparking!

Click here for more information about Silicon Labs xG22 Development Tools

featured chalk talk

High Power Charging Inlets
All major truck and bus OEMs will be launching electric vehicle platforms within the next few years and in order to keep pace with on-highway and off-highway EV innovation, our charging inlets must also provide the voltage, current and charging requirements needed for these vehicles. In this episode of Chalk Talk, Amelia Dalton and Drew Reetz from TE Connectivity investigate charging inlet design considerations for the next generation of industrial and commercial transportation, the differences between AC only charging and fast charge and high power charging inlets, and the benefits that TE Connectivity’s ICT high power charging inlets bring to these kinds of designs.
Aug 30, 2024
36,124 views