Synopsys has introduced Black Duck Supply Chain Edition, a software composition analysis (SCA) package that helps organizations mitigate upstream risk in software supply chains, including from AI code.
Announced April 9, Black Duck Supply Chain Edition is intended to address a rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components. Due April 25, the product combines open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to give a view of software risks inherited from open source, AI-generated code, and third-party code, Synopsys said. Security and development teams can track dependencies across the application life cycle to find and resolve security vulnerabilities, malicious packages, and license violations and conflicts, the company added.