Attacks on the software supply chain have prompted Synopsys to introduce a new software composition analysis solution, Black Duck Supply Chain Edition, SiliconAngle reports.
According to Synopsys, Black Duck Supply Chain Edition combines several open source analysis techniques, including CodePrint, package dependency, and container analysis, to discover open source components across a range of programming languages. The platform’s third-party software import and analysis capabilities also automatically catalog open source and custom components, Synopsys says, and it integrates ReversingLabs’ malware detection technology.
In addition to continuous tracking of vulnerabilities, exposed secrets, and malicious packages in both imported and generated SBOMs, Synopsys says Black Duck Supply Chain Edition also supports software license compliance and intellectual property risk management.
Supply chain attacks “require the ability to detect and generate actionable insights for a wide range of risk factors such as known vulnerabilities, exposed secrets and malicious code,” said Synopsys Software Integrity Group General Manager Jason Schmitt.