Synopsys has launched Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including risk from AI-generated code.
Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to provide a view of software risks inherited from open source, AI-generated code, and third-party code, Synopsys said. Security and development teams can track dependencies throughout the application life cycle to find and resolve security vulnerabilities, malicious packages, and license violations and conflicts, the company added.
Among the key features are multiple open source detection technologies that identify open source components across any programming language, using a combination of software analysis techniques including package dependency analysis and container analysis. Other features include third-party SBOM import and analysis, malware detection, continuous risk identification and monitoring for open source vulnerabilities, exposed secrets, malware, and suspicious packages, and IP risk and license management, which identifies the software licenses associated with dependencies.
Copyright © 2024 IDG Communications, Inc.