Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
Synopsys announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains.
Black Duck Supply Chain Edition combines multiple open source detection technologies, automated third-party software bill of materials (SBOM) analysis, and malware detection to provide a comprehensive view of software risks inherited from open source, third-party, and AI-generated code. Development and security teams can track their dependencies across the entire application lifecycle to identify and resolve security vulnerabilities, malicious packages, and license violations and conflicts.
Supply Chain Edition builds on the capabilities of Black Duck and delivers a full range of supply chain security capabilities to teams responsible for building secure, compliant applications.
"With the rise in software supply chain attacks targeting vulnerable or maliciously altered open source and third-party components, it's critical for organizations to understand and thoroughly scrutinize the composition of their software portfolios," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "This requires constant vigilance over the patchwork of software dependencies that get pulled in from a variety of sources, including open source components downloaded from public repositories, commercial software packages purchased from vendors, code generated from AI coding assistants, and the containers and IT infrastructure used to deploy applications. It also requires the ability to detect and generate actionable insights for a wide range of risk factors such as known vulnerabilities, exposed secrets, and malicious code. Black Duck Supply Chain Edition combines a suite of best-in-class capabilities to streamline these requirements and attest to the results in standardized or customized SBOM formats."
Key features of Black Duck Supply Chain include:
- Multiple open source detection technologies. Accurately identify open source components across any programming language using the most comprehensive combination of software analysis technologies, including package dependency, CodePrint™, snippet, binary, and container analysis.
- Third-party SBOM import and analysis. Import SBOMs from third-party software suppliers and automatically catalogue the open source, commercial, and custom components contained in them.
- Malware detection (leveraging technology from ReversingLabs). Perform post-build analyses to detect the presence of malware, such as suspicious files, potentially unwanted applications, protest-ware, and suspicious file structures.
- Risk identification and mitigation. Continuously monitor for open source vulnerabilities, exposed secrets, malware, and malicious packages in both the SBOMs you generate as well as those you import.
- IP risk and license compliance management. Automatically identify software licenses associated with your dependencies and receive guidance on obligations or conflicts with how the application is licensed, deployed, and distributed. Analyze AI-generated code to identify hidden open source snippets that may be subject to copyright or license obligations.
- Industry standard SBOMs. Export SBOMs containing all open source, custom, and commercial dependencies, in SPDX or CycloneDX formats, to align with customer, industry, or regulatory requirements. Leverage out of the box templates to meet the appropriate level of sharing detail specified by your downstream customers.
Black Duck Supply Chain Edition will be generally available on April 25
Industry News
Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.
Securiti announced a new solution - Security for AI Copilots in SaaS apps.
Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.