Date: 2025-03-21
Black Duck® has been recognized as a Leader in The Forrester Wave™: Software Composition Analysis, Q4 2024, based on an evaluation of Black Duck® SCA, our software composition analysis (SCA) solution.
Based on an evaluation conducted by an independent research firm, this report evaluated the top 10 SCA providers against 25 criteria grouped into two high-level categories.
The report includes how SCA providers were evaluated based on their comprehensive, enterprise-class SCA capabilities, including their ability to prioritize and remediate open source license risk and vulnerabilities, integrate with common SDLC automation tools, generate Software Bills of Materials (SBOMs), and more.
An astonishing 77% of codebases are comprised of open-source software, which means a considerable amount of an application’s risk is due to third-party sources. Application security and development leaders depend on SCA tools for insight into the security risks and licensing concerns associated with open-source and third-party libraries. SCA providers stand out by not only efficiently identifying and addressing security and license risks but also embracing use cases related to the software supply chain."
Among the 10 SCA providers evaluated, Black Duck received
Black Duck Software offers exceptional open-source, third-party, and closed-source component and snippet analysis for vulnerability, license, and copyright detection. SBOM management, generation, export, ingestion, and analysis capabilities are among the best in this evaluation. Policy management is a strength, with more than 40 criteria for operational health, license risk, and security risk."
