[AppSec Case Study] Thorough Analysis & Fast Results With Black Duck Audits | Synopsys

Thorough Analysis, Fast Results, and Peace of Mind for Dextra Tech With Black Duck Audits

Full identification of third-party code

Developers all over the world consider downloaded open source code fragments a viable resource. Third-party code reuse saves development time and resources, allowing new application capabilities to be implemented quickly, efficiently, and at scale. Analysts such as Gartner note that open source components compose up to 90% of some applications.

As with many companies whose services include design and development of software for customers, Dextra Tech’s applications often use a mix of custom-built code, commercial software, and open source components. To get a third-party double-check of the code it was delivering to customers, Dextra wanted to validate its inventory of the open source components it had in use (also known as a “bill of materials,” or BOM).

“In addition to our existing processes and toolchain, which include checklists, tools, and engineering practices for usage of third-party open source code, we required a solution that goes beyond the typical checks for open source identification,” says Leonardo Leiva, delivery manager of digital transformation at Dextra Tech.

License identification is an important part of open source management to assure compliance with any obligations, restrictions, or conflicts associated with a specific component. Equally important is the capability to identify versions and patch status of third-party components for potential security and quality risks.

To get the best of both worlds and identify any license, security, or code quality issues that could affect their software assets, Dextra Tech turned to Synopsys’ Black Duck Audits.

“Black Duck was the logical choice,” says Leonardo Leiva. “We knew that Black Duck was being used by our customers, and that Black Duck Audits are a known market leader.”


The solution: Black Duck Audits

Black Duck Audits have been the most trusted open source due diligence solution for both internal compliance and mergers and acquisitions for the past 15 years. Black Duck Audits can help organizations:

  • Mitigate potential legal exposure by uncovering unknown open source software and third-party code.
  • Detect open source license conflicts, security vulnerabilities, and other risks that may affect software asset values.
  • Identify, understand, and test software security vulnerabilities and expose potential security gaps in proprietary software. 
  • Get an overall sense of the quality of the software and how well software development is managed. 

Results: A complete picture of third-party code in use

The Black Duck open source and third-party code audit gave Dextra Tech the complete picture they needed of what was in their source code, including open source license obligations, potential security issues, and code quality risks. With that bill of materials in hand, Dextra Tech could deliver their code with added confidence.

“The report we received was clear and comprehensive,” says Leonardo Leiva. “We especially appreciated that a Black Duck Audit expert was available to review the results of the report and to clarify any questions that we had.”

“Black Duck confirmed our third-party software validation practices,” he adds. “Softegrity SpA, a Synopsys Software Integrity reseller partner, helped to support the relationship between Dextra Technology and Black Duck for this process. With Black Duck and Softegrity, we have partners that we can use to continue strengthening our internal toolchain so that we maintain a high standard of source quality, avoiding potential risks.”


Company Overview

Dextra Technologies is a software solutions provider established in 1997. Dextra competencies converge on product engineering and digital transformation services for mobile, cloud, automotive, and embedded technologies. Dextra capabilities include product specification and UI/UX, application design and development, software quality assurance, integration, performance analysis, support, and maintenance.