Synopsys hopes to mitigate upstream risks in software supply chains with new SCA tool

By Jenna Barron, SD Times. Published April 9, 2024; updated April 16, 2024.
https://sdtimes.com/security/synopsys-hopes-to-mitigate-upstream-risks-in-software-supply-chains-with-new-sca-tool/

Synopsys has released a new solution to help companies manage upstream risks in their software supply chains.

Black Duck Supply Chain Edition performs software composition analysis (SCA) using several analysis techniques to identify the components in a piece of software: package dependency, CodePrint, snippet, binary, and container analysis.

Customers can import SBOMs for their third-party components, and the tool automatically catalogs the components listed in them. It then performs continuous risk analysis on both internally generated SBOMs and the SBOMs of third-party components.

This also lets it identify not only security issues but also license issues in third-party components. That includes analyzing AI-generated code to detect whether any part of it may be subject to license requirements.

The tool also performs post-build analysis, which can help detect malware or potentially unwanted applications.

SBOMs can be exported in the SPDX or CycloneDX formats, which, according to Synopsys, makes it easier to meet customer, industry, or regulatory requirements.

"With the rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components, it's critical for organizations to understand and thoroughly scrutinize the composition of their software portfolios," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "This requires constant vigilance over the patchwork of software dependencies that get pulled in from a variety of sources, including open source components downloaded from public repositories, commercial software packages purchased from vendors, code generated from AI coding assistants, and the containers and IT infrastructure used to deploy applications. It also requires the ability to detect and generate actionable insights for a wide range of risk factors such as known vulnerabilities, exposed secrets, and malicious code."

Tags: security, supply chain, Supply Chain Security, Synopsys