Synopsys Enters into Definitive Agreement for Sale of Application Security (Software Integrity Group) Learn More

close search bar

Sorry, not available in this language yet

close language selection

Multifactor Open Source Scanning

Synopsys software composition analysis (SCA) offers multiple open source scanning technologies so you get the most complete and accurate view of open source in your applications and containers. Our open source scanning combines build process monitoring, file system scanning, and source code analysis to track all open source in use, including components most SCA tools miss.

Dependency Analysis
dependency analysis

Integrates with build tools like Maven and Gradle to track both declared and transitive open source dependencies in applications built in languages like Java and C#.

Codeprint Analysis
codeprint analysis

Maps string, file, and directory information to the Black Duck KnowledgeBase to identify open source and third-party components in applications built using languages like C & C++.

Binary Analysis
binary analysis

Identifies open source within compiled application libraries and executables. No source code or build system access required.

Snippet Analysis
snippet analysis

Finds parts of open source code that have been copied within proprietary code by developers or generative AI coding tools, which can potentially expose you to license violations and conflicts.

Container Scanning
snippet analysis

Uses a combination of binary and CodePrint analysis to identify open source dependencies in container images, layer by layer.

Why package declarations aren’t enough

Most other solutions rely solely on package manager declarations to identify open source components. But these solutions miss a lot of open source that may be in your code, including:

  • Open source that developers add to your code but don’t declare in package manifests
  • Open source in languages like C and C++ that don’t use standard package managers
  • Open source built into containers
  • Open source within compiled binaries and build artifacts
  • Open source introduced by AI coding assistants

Simple integration into your CI/CD pipeline

Our SCA integrations make it easy to incorporate open source scanning into your existing development tools and processes. This makes it possible to automatically identify which languages and package managers you’re using, configure the appropriate integrations for discovery, and find the most effective way to analyze your code.

Learn more about our integrations

Related content


See how Black Duck works

Watch the video