
The Recognized Leader in Software Composition Analysis Providers


The Forrester Wave™: Software Composition Analysis, Q1 2017

Black Duck is the only company in the “leader” category in the recently released The Forrester Wave™: Software Composition Analysis, Q1 2017.

Software composition analysis (SCA) tools provide valuable data to security pros, legal pros, and app developers by identifying software vulnerabilities and exposing licenses for open source components. A comprehensive evaluation of “the six (SCA) providers that matter most and how they stack up,” the Forrester report assesses the current state of the software composition analysis market and provides in-depth analysis of the six providers.

Read the full Forrester report: The Forrester Wave™: Software Composition Analysis, Q1 2017

Black Duck Software has very strong risk reporting and strong proactive vulnerability management capabilities, but its biggest differentiation comes from sound support for the fundamentals of license risk management, vulnerability identification, and policy management.

Open Source Comprises as much as 90% of Application Code

Two surprising statistics also emerge from the Forrester Software Composition Analysis report:

  • “Developers use open source components as their foundation, creating applications using only 10% to 20% new code”
  • “Unfortunately, many of these (open source) components come with liabilities in their license agreements, and one out of every 16 open source download requests is for a component with a known vulnerability.”

In its vendor profile, Forrester noted that Black Duck’s market-leading product Black Duck Hub, “boasts over 80 supported source code language formats, and it uses this strength to scan a broad range of developer preferences for both license risk management and vulnerability identification. Additionally, Black Duck provides an application bill of materials (BOM) for as long as users choose, and it monitors for any new open source vulnerabilities using vulnerability data that gets updated hourly.”
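The three fundamentals named above (vulnerability identification, license risk management, and policy management) and the bill of materials that ties them together can be shown in miniature. The following is an added, self-contained example written for this page; it is not Black Duck Hub's code, data model or API, and every component name, version, advisory id, license and policy value in it is constructed for illustration. It builds a BOM from a dependency manifest, matches each entry against a vulnerability feed by version range, flags licenses the policy denies, and reports whether the application passes the policy:

```python
"""Minimal software composition analysis (SCA) pass over a constructed
dependency manifest. All names, versions, advisory ids, licenses and
policy values are made up; they are not from Black Duck or any real feed."""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'1.4.2' -> (1, 4, 2) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Component:
    name: str
    version: str
    license: str


@dataclass
class Finding:
    component: Component
    kind: str      # "vulnerability" or "license"
    detail: str    # advisory id, or the offending license
    severity: str  # "high", "medium" or "low"


# Constructed manifest: what a build system would hand the scanner.
MANIFEST = [
    {"name": "examplelib", "version": "1.4.2", "license": "MIT"},
    {"name": "widgetkit", "version": "2.0.9", "license": "GPL-3.0"},
    {"name": "netparse", "version": "0.9.1", "license": "Apache-2.0"},
]

# Constructed vulnerability feed. Each entry names the affected component and
# the affected half-open version range [introduced, fixed). The ids are
# placeholders, not CVE numbers.
VULN_FEED = [
    {"id": "EXAMPLE-0001", "name": "examplelib",
     "introduced": "1.0.0", "fixed": "1.4.3", "severity": "high"},
    {"id": "EXAMPLE-0002", "name": "netparse",
     "introduced": "1.0.0", "fixed": "1.2.0", "severity": "medium"},
]

# Constructed policy: licenses this (hypothetical) organisation will not ship
# in its product, and the vulnerability severities that should fail a build.
POLICY = {
    "denied_licenses": {"GPL-3.0", "AGPL-3.0"},
    "fail_on_severity": {"high"},
}


def build_bom(manifest) -> list:
    """Turn the raw manifest into a bill of materials (a list of Components)."""
    return [Component(m["name"], m["version"], m["license"]) for m in manifest]


def find_vulnerabilities(bom, feed) -> list:
    """Match every BOM entry against the feed using numeric version ranges.
    Re-running this with a newer feed against a stored BOM is how continuous
    monitoring catches vulnerabilities disclosed after the original scan."""
    findings = []
    for comp in bom:
        v = parse_version(comp.version)
        for adv in feed:
            if adv["name"] != comp.name:
                continue
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                findings.append(Finding(comp, "vulnerability", adv["id"], adv["severity"]))
    return findings


def find_license_risks(bom, policy) -> list:
    """Flag components whose license the policy denies."""
    return [Finding(c, "license", c.license, "high")
            for c in bom if c.license in policy["denied_licenses"]]


def evaluate(manifest=MANIFEST, feed=VULN_FEED, policy=POLICY) -> dict:
    """Full pass: BOM, vulnerability findings, license findings, policy verdict."""
    bom = build_bom(manifest)
    findings = find_vulnerabilities(bom, feed) + find_license_risks(bom, policy)
    blocking = [f for f in findings
                if f.kind == "license" or f.severity in policy["fail_on_severity"]]
    return {"bom": bom, "findings": findings, "passes_policy": not blocking}


if __name__ == "__main__":
    result = evaluate()
    for f in result["findings"]:
        print(f"{f.kind:13} {f.component.name} {f.component.version}: {f.detail} ({f.severity})")
    print("passes policy:", result["passes_policy"])
```

Two details matter in practice. Versions are compared as integer tuples, because a string comparison would rank "1.10.0" below "1.9.0" and silently miss affected ranges. And the BOM is kept separate from the feed, so the same `find_vulnerabilities(bom, newer_feed)` call can be repeated whenever the feed updates, without rescanning the source; that separation is what makes ongoing monitoring of an already-shipped application possible.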
