Synopsys Detect

Created by Kevin Kastning (Unlicensed)
Last updated: Sep 14, 2021 by Al Sallette

Version 7.5.0

Synopsys Detect is Black Duck's intelligent scan client that scans code bases in your projects and folders to perform compositional analysis. Synopsys Detect sends scan results to Black Duck, which generates risk analysis when identifying open source components, licenses, and security vulnerabilities.

Synopsys Detect also has the following characteristics:

  • Synopsys Detect integrates with development tools used throughout the SDLC (software development life cycle) and automatically detects resources to optimize its scan methodology.

  • Synopsys Detect provides scanning capabilities to Black Duck to help identify open source components, licenses, and security vulnerabilities. This is achieved through a variety of detection methods such as package manager inspection, file-system based signature scanning of source directories and files, Docker image inspection, and Binary analysis. 

  • Synopsys Detect provides the source of information for Black Duck to analyze open source components and find vulnerabilities in open source components and containers. Using this type of analysis, you can minimize security, compliance, and code quality risks; you can monitor for new vulnerabilities throughout your development cycle, and you can set and enforce open source use and security policies.

  • Runs on Windows, Linux, and macOS. It is available through GitHub, under a permissive Apache license and does not require pre-installation or configuration.

  • Supports scanning Docker images by identifying open source within the images, using both signature scanning and the package manager analysis techniques.

Synopsys Detect consolidates the functionality of the Black Duck, package managers, and continuous integration plugin tools into a single tool, which does the following:

  • Discovers open source components in your code

  • Maps components to known vulnerabilities

  • Identifies license compliance and component quality risks

  • Sets and enforces open source policies

  • Integrates open source management into your DevOps environment

  • Monitors and alerts when new threats are reported

  • Calculates risk in your code.

  • Produces reports of its findings

Synopsys Detect at work

By default, Synopsys Detect examines your source directory to be scanned and discovers the package managers in your code, and uses the project package managers to derive the hierarchy of dependencies known to those package managers.

  • Synopsys Detect extracts package manager dependencies in your project by using selected Synopsys Detect detectors to extract the dependencies.

  • The Black Duck signature scanner runs and extracts more dependencies that might not be known to a package manager if there is a connection to Black Duck.

  • All dependencies are uploaded to Black Duck for analysis; a project is created, and a Bill of Materials (BOM) is generated.

  • You can view the output and analysis in Black Duck.

Previous versions of Detect documentation:
Detect 6.9.0 | 6.8.0 | 6.7.0 | 6.6.0 | 6.5.0 | 6.4.0 | 6.3.0 | 6.2.1 | 6.2.0 | 6.1.0 | 6.0.0
Detect 5.6.2 | 5.6.0 | 5.5.0 | 5.4.0

Synopsys Detect Desktop application

Synopsys Detect is available as a desktop application at https://<black_duck_server>/ui/tools
For help with using the Synopsys Detect GUI, refer to https://<black_duck_server>doc/Welcome.htm#componentdiscovery/detectdesktop.htm .

In Docker Inspector 9.1.0, Synopsys added support for running Docker Inspector on Windows 10 Enterprise Edition by executing the Black Duck Docker Inspector .jar file directly.

The capability to run Docker Inspector on Windows using Synopsys Detect is available in Synopsys Detect 6.6.0 or later.