Date: 2024-11-13

Maintaining an SBOM is the cornerstone of a successful supply chain program

Forrester noted that Black Duck’s “SBOM management, generation, export, ingestion, and analysis capabilities are among the best in this evaluation.”

Our multifactor scanning, with support for more than 100 languages, combines dependency analysis, binary analysis, codeprint analysis, code snippet detection, and custom component detection. By discovering both declared dependencies (those listed in package manifests) and undeclared ones (vendored source, binaries, and copied snippets that no manifest mentions), it produces a complete, continuously updated inventory of your applications' contents together with the associated vulnerabilities and licenses. All of this feeds a complete Software Bill of Materials (SBOM), which is the basis for knowing what risks you're exposed to.

Completeness is crucial when evaluating risk, but so is accuracy: an inventory that flags components that are not actually present, or vulnerabilities that cannot actually be exercised, wastes remediation effort and erodes trust. Part of giving users confidence in their applications is assuring them that the issues identified are the ones that pose real risk.

Identifying vulnerabilities is only the first step in securing an application; once found, they have to be addressed. To this end, Black Duck offers Black Duck Security Advisories (BDSAs), which provide the information you need to understand, prioritize, and remediate vulnerabilities. BDSAs include severity scoring, reachability (whether the vulnerable code is actually invoked by your application), vulnerability descriptions, details on affected versions, and guidance on upgrades, patches, and workarounds. These details are produced by the Black Duck Cybersecurity Research Center (CyRC). The CyRC draws on the Black Duck open source KnowledgeBase™, the industry's most comprehensive database of open source project, license, and security information, covering more than 8.7 million open source projects from nearly 60,000 forges and repositories.
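The two ideas above, an SBOM that captures both declared and undeclared components, and advisories that carry affected-version ranges, severity and reachability so findings can be prioritized, are illustrated by the following script. It is an added example written for this page, not Black Duck's code or a reproduction of its scanners or BDSA format. Every package name, file, fingerprint, advisory ID, version range and call-graph entry is constructed for illustration, and the "evidence" and "origin" fields on components are simplifications rather than the exact CycloneDX schema.

```python
"""Added example (not Black Duck's code): build a CycloneDX-style SBOM from
declared and undeclared components, match it against advisories, and rank the
findings by reachability and severity. All names, hashes, advisory IDs and
version ranges are constructed for illustration."""
import hashlib
import json
import re

# Constructed manifest: the *declared* dependencies of a hypothetical app.
REQUIREMENTS_TXT = "acme-http==2.3.1\ntinyyaml==0.9.4\n"

# Constructed vendored file present on disk but absent from any manifest.
VENDORED_FILES = {
    "src/third_party/fastlz.c": b"/* fastlz 0.1.0 - constructed sample */\n",
}

# Constructed fingerprint table (SHA-256 of file -> component). A real
# codeprint/snippet index is far larger; this dict stands in for it.
FINGERPRINTS = {
    hashlib.sha256(VENDORED_FILES["src/third_party/fastlz.c"]).hexdigest():
        ("fastlz", "0.1.0", "BSD-3-Clause"),
}

# Constructed advisories in a BDSA-like shape; the IDs are hypothetical.
ADVISORIES = [
    {"id": "ADV-0001", "component": "acme-http", "affected": "<2.4.0",
     "cvss": 9.1, "fixed_in": "2.4.0", "vulnerable_symbols": ["acme_http.parse_chunked"]},
    {"id": "ADV-0002", "component": "tinyyaml", "affected": "<1.0.0",
     "cvss": 7.5, "fixed_in": "1.0.0", "vulnerable_symbols": ["tinyyaml.load_all"]},
    {"id": "ADV-0003", "component": "fastlz", "affected": "<0.2.0",
     "cvss": 5.3, "fixed_in": "0.2.0", "vulnerable_symbols": ["fastlz_decompress"]},
]

# Constructed call graph: the symbols the application actually invokes.
CALLED_SYMBOLS = {"acme_http.get", "acme_http.parse_chunked", "fastlz_decompress"}


def parse_version(v):
    """'2.3.1' -> (2, 3, 1); tuple comparison gives numeric ordering."""
    return tuple(int(p) for p in v.split("."))


def version_affected(version, spec):
    """Evaluate a single-operator range such as '<2.4.0' or '<=1.0.0'."""
    m = re.fullmatch(r"(<=|<|>=|>|==)(\d+(?:\.\d+)*)", spec)
    if not m:
        raise ValueError(f"unsupported range: {spec}")
    op, bound = m.group(1), parse_version(m.group(2))
    v = parse_version(version)
    return {"<": v < bound, "<=": v <= bound, ">": v > bound,
            ">=": v >= bound, "==": v == bound}[op]


def build_sbom(requirements, files, fingerprints):
    """Return a CycloneDX-style dict listing declared and undeclared components."""
    components = []
    for line in requirements.splitlines():          # declared: from the manifest
        name, version = line.strip().split("==")
        components.append({"name": name, "version": version,
                           "purl": f"pkg:pypi/{name}@{version}", "origin": "declared"})
    for path, data in files.items():                # undeclared: matched by fingerprint
        digest = hashlib.sha256(data).hexdigest()
        if digest in fingerprints:
            name, version, license_id = fingerprints[digest]
            components.append({"name": name, "version": version,
                               "purl": f"pkg:generic/{name}@{version}",
                               "licenses": [{"license": {"id": license_id}}],
                               "evidence": {"path": path, "sha256": digest},
                               "origin": "undeclared"})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": components}


def find_vulnerabilities(sbom, advisories, called_symbols):
    """Match components to advisories, flag reachable ones, sort by priority."""
    findings = []
    for c in sbom["components"]:
        for adv in advisories:
            if adv["component"] == c["name"] and version_affected(c["version"], adv["affected"]):
                reachable = any(s in called_symbols for s in adv["vulnerable_symbols"])
                findings.append({"advisory": adv["id"], "component": c["purl"],
                                 "cvss": adv["cvss"], "reachable": reachable,
                                 "remediation": f"upgrade to {adv['fixed_in']}"})
    # Reachable issues first, then by CVSS descending: an unreachable 7.5 ranks
    # below a reachable 5.3, which is the point of carrying reachability at all.
    return sorted(findings, key=lambda f: (not f["reachable"], -f["cvss"]))


if __name__ == "__main__":
    sbom = build_sbom(REQUIREMENTS_TXT, VENDORED_FILES, FINGERPRINTS)
    print(json.dumps(sbom, indent=2))
    for finding in find_vulnerabilities(sbom, ADVISORIES, CALLED_SYMBOLS):
        print(finding)
```

Run as-is, the script emits a three-component SBOM (two declared, one undeclared fastlz discovered only by hash) and ranks ADV-0001 (reachable, 9.1) first, the reachable fastlz issue second, and the unreachable tinyyaml issue last despite its higher CVSS. The single-operator range matcher is deliberately minimal; real advisories use compound ranges and ecosystem-specific version semantics, which is exactly the kind of detail a curated source like a BDSA resolves for you.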