Software Composition Analysis (SCA) matters, and Synopsys gains some accolades


Editor’s brief: If you are into DevOps and DevSecOps, you know that having software written is only one part of the equation today, having cybersecurity and compliance baked in are equally if not even more important today. The Forrester Wave™ Software Composition Analysis Q3 2021 identified the 10 most significant vendors in the SCA category against 37 criteria, and Synopsys’ Black Duck SCA received the highest score in the strategy category and second in the market presence category. The vendor’s release is below.

Synopsys Recognised as a Leader in Software Composition Analysis by Independent Research Firm 

Synopsys receives highest score among 10 SCA providers in strategy category

SINGAPORE, @mcgallen #microwireinfo, August 20, 2021Synopsys, Inc. (Nasdaq: SNPS) today announced it has been recognised as a leader in The Forrester Wave™: Software Composition Analysis, Q3 2021. The report identifies the 10 most significant vendors in the software composition analysis (SCA) market and evaluates them against 37 criteria grouped into three high-level categories: current offering, strategy, and market presence. Synopsys’ Black Duck SCA solution received the highest score among all 10 vendors in the strategy category and ranked second in the market presence category.

The report states: “Unfortunately, as firms increasingly rely on external components, they expose themselves and their customers to greater risk when those components include critical vulnerabilities or don’t conform to company policies.” The report goes on to suggest that SCA customers should look for providers that “address risks in a wide range of nonproprietary components… advise developers on how to remediate vulnerabilities, license risks, and stale code…[and] analyse and bolster the software supply chain.”

Within the current offering category, Synopsys received among the top scores in the vulnerability identification criterion and the second highest score in the policy management criterion. According to the report, “Synopsys’ vulnerability detection capabilities are among the strongest in this Forrester Wave, and they are one of the few vendors in this Forrester Wave that conducts snippet analysis to identify potential license and copyright violations, a technique that several of their top competitors have dropped. Customer references appreciated the accuracy: ‘If Black Duck is reporting something as a problem, it’s a problem.’ References also rated Synopsys highly for vulnerability remediation guidance and prioritisation.”

Within the strategy category, Synopsys received the highest scores possible in three of the six criteria: product vision, market approach, and corporate culture. The Forrester report notes that “Synopsys stands out for analysis depth and AST vision. Synopsys envisions embedding the full range of application security testing (AST) tools into developer workflows and tools so that development teams can uniformly prioritise and remediate flaws across proprietary, open source, and third-party components. The company’s SCA roadmap centers on developer enablement and the concept of intelligent progressive analysis: conducting different levels of analysis at different stages of the SDLC, depending on the need.”

“We’re proud to be recognised by Forrester as a leader in this SCA evaluation,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Software composition and supply chain risk are now top of mind issues for development and security teams, and Synopsys continues to lead the way with a powerful combination of accuracy, performance and scale. Our vision of frictionless identification of all types of software risk throughout the SDLC delivers a seamless experience for developers and a proactive, prioritised view of risk for security teams.”

Download a complimentary copy of The Forrester Wave™: Software Composition Analysis, Q3 2021.

About the Synopsys Software Integrity Group 

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimising risks while maximising speed and productivity. Synopsys, a recognised leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behaviour. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organisations optimise security and quality in DevSecOps and throughout the software development life cycle. Learn more at

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at



Read More:Software Composition Analysis (SCA) matters, and Synopsys gains some accolades