Synopsys takes aim at software supply chain risks

Synopsys has launched Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including risk introduced by AI-generated code.

Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks that target vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated analysis of third-party software bills of materials (SBOMs), and malware detection to give a view of the software risk inherited from open source, AI-generated, and third-party code, Synopsys said. Security and development teams can track dependencies across the application life cycle to find and resolve security vulnerabilities, malicious packages, and license violations and conflicts, the company added.

Among the key features are multiple open source detection technologies that, according to Synopsys, identify open source components across any programming language, using a combination of software analysis techniques including package dependency analysis and container analysis. Other features include third-party SBOM import and analysis; malware detection; continuous risk identification and monitoring for open source vulnerabilities, exposed secrets, malware, and suspicious packages; and IP risk and license management, which identifies the software licenses associated with dependencies.

Copyright © 2024 IDG Communications, Inc.


