close search bar

Sorry, not available in this language yet

close language selection

Synopsys is a Leader in the 2023 Forrester Wave™ for SCA

Synopsys has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q2 2023, based on an evaluation of Black Duck®, our software composition analysis (SCA) solution. 

Based on an examination conducted by an independent research firm, this report evaluated the top 12 SCA providers against 32 criteria grouped into three categories.

  • Current offering
  • Strategy
  • Market presence  

Takeaways from the report include how the SCA providers scored against evaluation criteria such as vulnerability identification, software supply chain security, product vision, and market approach. 

Download the report now

A staggering 78% of codebases are open source, which leaves a majority of an application’s code at risk due to third-party sources. Application security and application development leaders rely on software composition analysis tools to deliver visibility into the security and license risk of open source and third-party libraries. SCA vendors differentiate by not only effectively finding and remediating security and license risk but also leaning into software supply chain use cases, a recent focus of governments and the private sector."

The Forrester Wave™:

|

Software Composition Analysis, Forrester Research, Inc. | Q2 2023

Among the 12 SCA providers evaluated, Synopsys received      

  • Among the highest scores in the Market Presence category
  • The second-highest score in the Current Offering category
  • The highest scores possible for the SBOM Management and Policy Management criteria in the Current Offering category
  • A tie for the second-highest score for the Vulnerability Identification criterion in the Current Offering category
  • The highest score possible for the Supporting Services and Offerings criterion in the Strategy category
2023 Forrester Wave: Software Composition Analysis Cover | Synopsys

Black Duck’s powerful policy engine boasts more than 40 criteria, including security risk, such as exploitability, fix availability, and reachability; license risk, such as needs review; component attributes, such as direct or transitive dependency; and operational risk, such as number of commits and contributors in the past year and component age. The policy is uniformly enforced in the IDE, pull requests, and pipeline scanning."

The Forrester Wave™:

|

Software Composition Analysis, Forrester Research, Inc. | Q2 2023

Download the report to learn why SCA is critical to secure modern application development and how the top vendors score against evaluation criteria such as software supply chain security, policy management, remediation, and breadth of coverage.