Synopsys has been named a leader in The Forrester Wave™: Software Composition Analysis, Q3 2021, based on an evaluation of Black Duck, our software composition analysis (SCA) solution.
For this report, Forrester evaluated the top 10 SCA providers against 37 criteria grouped into three categories:
Takeaways from the report include key evaluation criteria among providers, such as vulnerability identification, policy management, product vision, and market approach.
"Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don't conform to company policies. In addition, recent incidents like the SolarWinds breach demonstrate the risks of malicious libraries in software and the need for greater transparency in the software supply chain."
The Forrester Wave™: Software Composition Analysis, Q3 2021
Among the 10 SCA providers evaluated, Synopsys received:
"Synopsys' vulnerability detection capabilities are among the strongest in this Forrester Wave, and they are one of the few vendors in this Forrester Wave that conducts snippet analysis to identify potential license and copyright violations, a technique that several of their top competitors have dropped. Customer references appreciated the accuracy: 'If Black Duck is reporting something as a problem, it's a problem.' References also rated Synopsys highly for vulnerability remediation guidance and prioritization."
The Forrester Wave™: Software Composition Analysis, Q3 2021
Download the report to learn why SCA is critical to secure modern application development and key evaluation criteria, such as supply chain protection, remediation guidance, and breadth of coverage.