The Forrester report noted that “Synopsys continues to have strong features, including quality and accuracy.”
Black Duck’s multifactor scanning, coupled with support for over 100 languages, delivers dependency analysis, binary analysis, codeprint analysis, code snippet detection, and custom component detection. By discovering both declared and undeclared dependencies in your applications, we are able to provide the most complete and dynamic inventory of your applications’ contents and the associated vulnerabilities and licenses. All of this contributes to a complete Software Bill of Materials (SBOM), which is crucial for knowing what risks you’re exposed to.
Although completeness is crucial when evaluating risk, so is accuracy. Part of providing users with trust in their applications is assuring them that the issues identified are the ones that pose actual risk.
Identifying vulnerabilities is just one step in securing an application. Once you find vulnerabilities, they then have to be addressed. To this end, Black Duck offers Black Duck Security Advisories (BDSAs), which provide all the information you need to understand, prioritize, and remediate vulnerabilities. BDSAs include severity scoring, reachability, vulnerability descriptions, details on affected versions, and critical guidance on upgrades, patches, and workarounds. These powerful details are provided by the Synopsys Cybersecurity Research Center (CyRC). The CyRC leverages the Synopsys open source KnowledgeBase™, the industry's most comprehensive database of open source project, license, and security information, covering more than 7.4 million open source projects from nearly 30,000 forges and repositories.
We believe Forrester’s findings are aligned with this level of vulnerability identification and remediation, with the report giving Synopsys the highest score in the Breadth of Coverage criterion.