Mounting software supply chain attacks have prompted Synopsys to introduce the new Black Duck Supply Chain Edition software composition analysis solution, reports SiliconAngle.
According to Synopsys, Black Duck Supply Chain Edition combines several open-source detection techniques, including CodePrint, package dependency, and container analysis, to discover open-source components across different programming languages. The platform can also import and analyze third-party software bills of materials (SBOMs) to automatically catalog both open-source and custom components, and it integrates ReversingLabs' malware detection technology to flag malicious packages.
Beyond continuous tracking of known vulnerabilities, exposed secrets, and malicious packages in both imported and generated SBOMs, Synopsys says Black Duck Supply Chain Edition also supports software license compliance and intellectual property risk management.
Supply chain attacks "require the ability to detect and generate actionable insights for a wide range of risk factors such as known vulnerabilities, exposed secrets, and malicious code," said Synopsys Software Integrity Group General Manager Jason Schmitt.