Synopsys is a Leader in the 2021 Forrester Wave™ for SCA

Synopsys has been named a leader in The Forrester Wave™: Software Composition Analysis, Q3 2021, based on an evaluation of Black Duck, our software composition analysis (SCA) solution.

For this report, Forrester evaluated the top 10 SCA providers against 37 criteria grouped into three categories:  

  • Current offering
  • Strategy
  • Market presence  

Takeaways from the report include key evaluation criteria among providers, such as vulnerability identification, policy management, product vision, and market approach. 


"Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don't conform to company policies. In addition, recent incidents like the SolarWinds breach demonstrate the risks of malicious libraries in software and the need for greater transparency in the software supply chain."




Among the 10 SCA providers evaluated, Synopsys received:      

  • The highest score in the Strategy category
  • The second highest score in the Market Presence category
  • Among the highest scores in the Vulnerability Identification criterion
  • The highest possible score in the Revenue criterion
  • The highest possible score in the Product Vision criterion
  • The highest possible score in the Market Approach criterion
  • The highest possible score in the Corporate Culture criterion  

"Synopsys' vulnerability detection capabilities are among the strongest in this Forrester Wave, and they are one of the few vendors in this Forrester Wave that conducts snippet analysis to identify potential license and copyright violations, a technique that several of their top competitors have dropped. Customer references appreciated the accuracy: 'If Black Duck is reporting something as a problem, it's a problem.' References also rated Synopsys highly for vulnerability remediation guidance and prioritization."




Download the report to learn why SCA is critical to secure modern application development and key evaluation criteria, such as supply chain protection, remediation guidance, and breadth of coverage.