The Synopsys Software Integrity Group is now Black Duck®. Learn More

Black Duck is a Leader in the 2024 Forrester Wave™ for SCA

Black Duck® has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q4 2024, based on an evaluation of Black Duck® SCA, our software composition analysis (SCA) solution

Based on an evaluation conducted by an independent research firm, this report evaluated the top 10 SCA providers against 25 criteria grouped into two high-level categories.

  • Current offering
  • Strategy

The report includes how SCA providers were evaluated based on their comprehensive, enterprise-class SCA capabilities, including their ability to prioritize and remediate open source license risk and vulnerabilities, integrate with common SDLC automation tools, generate Software Bills of Materials (SBOMs), and more.

Download the report now

An astonishing 77% of codebases are comprised of open-source software, which means a considerable amount of an application’s risk is due to third-party sources. Application security and development leaders depend on SCA tools for insight into the security risks and licensing concerns associated with open-source and third-party libraries. SCA providers stand out by not only efficiently identifying and addressing security and license risks but also embracing use cases related to the software supply chain."

The Forrester Wave™: Software Composition Analysis

|

Q4 2024 Forrester Research, Inc.

Among the 10 SCA providers evaluated, Black Duck received      

  • The second-highest score in the Current Offering category
  • A tie for the highest score possible in the Component Identification and Analysis criteria and the License Detection, Analysis, and Guidance criteria within the Current Offering category
  • A tie for the highest score possible in the SBOM Generation, Export, and Sharing; SBOM Ingestion and Analysis; and Policy Management criteria within the Current Offering category
  • Among the highest-possible scores in the Innovation and Supporting Services and Offerings criteria within the Strategy category
  • Among the highest-possible scores in the Risk Intelligence and Language Support criteria in the Current Offering category

Black Duck Software offers exceptional open-source, third-party, and closed-source component and snippet analysis for vulnerability, license, and copyright detection. SBOM management, generation, export, ingestion, and analysis capabilities are among the best in this evaluation. Policy management is a strength, with more than 40 criteria for operational health, license risk, and security risk."

The Forrester Wave™: Software Composition Analysis

|

Q4 2024 Forrester Research, Inc.