Synopsys and JFrog

Manage open source risks across the software supply chain

Open source makes its way into your software through many channels. It’s important to manage open source risks throughout your software development life cycle and beyond. Black Duck by Synopsys integrates with JFrog so you can use Black Duck’s industry-leading open source vulnerability management capabilities as part of your JFrog deployment.

Synopsys integrations with JFrog Artifactory and Xray

The Black Duck plugin for Artifactory scans the binary repository to make sure the code artifacts in use comply with open source use policies and are free from known vulnerabilities. Black Duck scans artifacts already in the repository and will also scan any artifacts being added to prevent vulnerable components from entering or propagating in application code.

Black Duck also integrates with Xray, which scans your Artifactory repository. The integration directly queries the Black Duck KnowledgeBase™ to give you enhanced vulnerability data from Black Duck’s security researchers on top of what Xray already provides.

By scanning open source components in the repository, development teams can address vulnerabilities earlier in the SDLC, saving time and money on remediation. In addition, Black Duck’s vulnerability and policy monitoring will alert you to any new security risks or policy changes that affect artifacts in the repository.

With multiple integrations supporting both Artifactory and Xray, you have the power of two best-of-breed solutions with the flexibility to deploy them in a wide range of configurations.

Detect vulnerabilities

Detect vulnerabilities in repositories and individual artifacts.

Enforceable policies

Enforce open source use and security policies during repository transactions.

Automated security

Combine repository enforcement with visibility and protection during the upstream development, build, and CI processes.