Synopsys and ReversingLabs Partner on Software Supply Chain Risk Management
May 11, 2023

Synopsys announced an agreement between its Software Integrity Group and ReversingLabs that provides software development and security teams with a comprehensive software supply chain risk management solution.

Synopsys Software Integrity Group's open-source scanning capabilities of Black Duck® and ReversingLabs' Software Supply Chain Security (SSCS) Platform address complete software bill of materials (SBOM) requirements and software supply chain threats as part of their software development and continuous integration and continuous delivery (CI/CD) processes.

Black Duck software composition analysis manages the security, quality and license compliance risks that come from the use of open-source code in applications and containers. The ReversingLabs SSCS Platform complements the capabilities of Black Duck by scanning commercial third-party components for vulnerabilities, malware and instances of software tampering. These capabilities provide additional security risk insight to quickly identify malware, software tampering and anomalies inserted in software to prevent supply chain attacks before release. Synopsys is now authorized to resell the ReversingLabs SSCS Platform with Black Duck to create comprehensive, actionable SBOMs automatically and throughout the software supply chain.

"Software and security leaders are looking to Synopsys to lead in delivering complete solutions to secure the rapidly evolving software supply chain threat landscape," said Jason Schmitt, GM of the Synopsys Software Integrity Group. "ReversingLabs provides the perfect complement to our expertise in open-source risk and application security by layering in some of the most advanced security technology available for identifying and eliminating security risk from commercial and third-party software components. Together, we can produce accurate and complete SBOMs that include all sources of software in the supply chain."

"Recent software supply chain attacks on open-source and commercial third-party software require a new approach to software resilience," said ReversingLabs CEO, Mario Vuksan. "This means organizations must strive for a more holistic view of the software supply chain, a deeper understanding of complex software package composition, including open-source and commercial third-party components, and a more comprehensive view of software behavior. With Synopsys, our combined efforts will not only ensure regulatory needs are met but truly enable developers and security managers to avoid software threats and prioritize and action software risks and quality issues."

Share this

Industry News

April 21, 2025

Postman announced new releases designed to help organizations build APIs faster, more securely, and with less friction.

April 21, 2025

SnapLogic announced AgentCreator 3.0, an evolution in agentic AI technology that eliminates the complexity of enterprise AI adoption.

April 17, 2025

GitLab announced the general availability of GitLab Duo with Amazon Q.

April 17, 2025

Perforce Software and Liquibase announced a strategic partnership to enhance secure and compliant database change management for DevOps teams.

April 17, 2025

Spacelift announced the launch of Saturnhead AI — an enterprise-grade AI assistant that slashes DevOps troubleshooting time by transforming complex infrastructure logs into clear, actionable explanations.

April 16, 2025

CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.

April 16, 2025

Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.

April 15, 2025

Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.

April 14, 2025

LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.

April 14, 2025

Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.

April 14, 2025

Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.

April 10, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.

April 10, 2025

Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.

April 10, 2025

The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.