Synopsys Black Duck® is an automated software composition analysis (SCA) tool that enables organizations to gain visibility into the composition of software, so they can make better buying decisions and manage the ongoing risk of operating complex systems and software, regardless of source code access. Black Duck Binary Analysis identifies open source components in compiled software to provide an open source Bill of Materials and a list of any vulnerabilities and licenses related to those components.
Black Duck also recognizes compiler switches, mobile permissions, and other forms of information leakage that could potentially expose sensitive information. Furthermore, Black Duck goes beyond simply detecting these issues; hand-crafted security advisories provide detailed notifications for each vulnerability identified, giving users the information needed to properly understand, prioritize, and remediate the problem.
Organizations can also leverage Synopsys’ comprehensive set of static application security testing (SAST) solutions, as well as static analysis professional services that can help organizations find vulnerabilities in their applications without access to source code. Since static testing solutions based on binary analysis rely on modeled datatypes, data, and control paths, manual inspection of the findings can help improve the efficacy of such binary analysis. This helps eliminate noise and false positives during the assessment, making it easier to discover vulnerabilities and get actionable remediation guidance.