Synopsys Application Security

Protecode Enterprise

Organizations sometimes need to integrate third-party code into their own code. Many open source libraries offer their code for reuse, and commercial code is available at a cost. Manual processes for identifying and marking such open source components, so that even the most basic license requirements (such as protection of intellectual property) are satisfied, often prove to be a tedious chore. This is especially true for organizations that write millions of lines of code in a collaborative manner.

Protecode Enterprise is a comprehensive Software Composition Analysis (SCA) solution that enables secure and safe use of third-party code in software products. Protecode Enterprise can be used within development and testing processes or in the legal compliance departments to manage risks arising from the use of third-party code, including open source, internally developed, outsourced, and even commercial code.

There are many benefits to managing third-party code at the earliest point in the development cycle:

  • Reduce the time and cost of fixing problems
  • Reduce the time from concept to market
  • Comply with legal requirements
  • Protect intellectual property rights
  • Prevent delays in M&A transactions

Protecode Enterprise is flexible enough to offer both source code and binary analysis, and it integrates easily into R&D continuous integration environments.

Key Features

Protecode Enterprise is a comprehensive SCA solution that ensures software signoff at various phases of the software development life cycle (SDLC), allowing for secure, safe, and risk-free use of third-party code in products.

Software Bill of Materials (BOM) Generation
Automatically generate and maintain an up-to-date software BOM. Maintaining a software BOM within R&D is the most cost-effective way for all stakeholders, from R&D to legal to maintenance, to obtain up-to-date information on the composition of software packages. Alternatively, legal and other stakeholders can run their own analyses using their preferred workflows.

Security Vulnerability Assessment
Identify and flag known vulnerabilities affecting the third-party software components used in projects. Each finding carries a severity rating so that remediation can be prioritized. Automated alerts are generated when new known vulnerabilities are published for components that have already been scanned.
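The mechanics behind this feature, as an added example that is not Protecode's own code: a scanned BOM is matched against a vulnerability feed by affected version range, findings are ranked by severity, and a second pass against an older copy of the feed yields the alerts for advisories that appeared after the component was last scanned. The component names, version ranges and "ADV-" identifiers below are constructed placeholders, not real packages or CVE numbers; the version parser deliberately compares numerically, since a string comparison would wrongly rank "1.2.10" below "1.2.9".

```python
"""Added example (not Protecode's code): match a software BOM against a
vulnerability feed, rank findings by severity, and raise alerts for
advisories published since the previous scan.

All data below is constructed for illustration; the "ADV-" identifiers
are placeholders, not real advisory or CVE numbers."""
from dataclasses import dataclass
from typing import List, Tuple

# Severity ordering used for prioritisation (higher sorts first).
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass(frozen=True)
class Component:
    name: str
    version: Tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    advisory_id: str              # placeholder id such as "ADV-0001"
    component: str
    introduced: Tuple[int, ...]   # first affected version (inclusive)
    fixed: Tuple[int, ...]        # first fixed version (exclusive)
    severity: str


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.2.10' into (1, 2, 10) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def is_affected(component: Component, adv: Advisory) -> bool:
    """A component is affected when introduced <= version < fixed."""
    return (component.name == adv.component
            and adv.introduced <= component.version < adv.fixed)


def assess(bom: List[Component], feed: List[Advisory]) -> List[Tuple[Component, Advisory]]:
    """Return (component, advisory) pairs, most severe first, ties by advisory id."""
    findings = [(c, a) for c in bom for a in feed if is_affected(c, a)]
    findings.sort(key=lambda f: (-SEVERITY_RANK[f[1].severity], f[1].advisory_id))
    return findings


def finding_ids(bom: List[Component], feed: List[Advisory]) -> List[str]:
    """Prioritised list of advisory ids affecting the BOM."""
    return [a.advisory_id for _, a in assess(bom, feed)]


def new_alerts(previous: List[Advisory], current: List[Advisory],
               bom: List[Component]) -> List[str]:
    """Advisory ids affecting the already-scanned BOM that were absent from the previous feed."""
    known = {a.advisory_id for a in previous}
    return [aid for aid in finding_ids(bom, current) if aid not in known]


# Constructed BOM from a hypothetical scan.
BOM = [Component("libfoo", parse_version("1.2.10")),
       Component("parserlib", parse_version("3.0.1")),
       Component("netlib", parse_version("0.9.4"))]

# Constructed feed as it looked at the previous scan.
FEED_PREVIOUS = [
    Advisory("ADV-0001", "libfoo", parse_version("1.2.0"), parse_version("1.2.11"), "HIGH"),
    # parserlib 3.0.1 is past the fixed version, so this one must not fire.
    Advisory("ADV-0002", "parserlib", parse_version("2.0.0"), parse_version("3.0.0"), "CRITICAL"),
]

# The same feed after two further entries were published.
FEED_CURRENT = FEED_PREVIOUS + [
    Advisory("ADV-0003", "netlib", parse_version("0.9.0"), parse_version("0.9.5"), "CRITICAL"),
    Advisory("ADV-0004", "libfoo", parse_version("1.0.0"), parse_version("1.3.0"), "LOW"),
]

if __name__ == "__main__":
    for component, adv in assess(BOM, FEED_CURRENT):
        print(f"{adv.severity:8} {adv.advisory_id} {component.name} "
              f"{'.'.join(map(str, component.version))}")
    print("new since last scan:", new_alerts(FEED_PREVIOUS, FEED_CURRENT, BOM))
```

Running the script lists the three live findings in severity order and reports ADV-0003 and ADV-0004 as the alerts that would be raised on rescan; ADV-0002 is suppressed because the scanned parserlib version is already at or beyond the fix.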

Comprehensive Open Source License Reporting
Produce an actionable, consolidated list of licenses and legal obligations associated with the software packages or files discovered in a software portfolio.

  • License Obligations Report: Report on legal obligations that result from inclusion of third-party components with various free and open source software (FOSS) licenses
  • License Compatibility Report: A list of incompatible licenses and associated packages identified during analysis of a code portfolio
  • Concatenated License and Attribution List: A consolidated list of all licenses and associated packages identified in the portfolio; a ready-to-ship report for fulfilling the attribution obligations of those licenses
  • High-level Reports and Detailed Bill of Materials: Time-stamped, verifiable, high-level executive reports or detailed file-by-file reports on your complete portfolio in HTML or popular documentation formats
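How the license obligations, compatibility and attribution reports relate to one BOM, shown as an added example that is not Protecode's own code: each package is tagged with an SPDX license identifier, a policy table names license pairs that must not be combined in one distributed binary, and the same grouping drives an obligations report, an incompatibility list and a concatenated attribution list. The package names, the obligation wording and the incompatibility table are all constructed for illustration; which license pairs are actually incompatible is a legal determination, and the table only shows the mechanism. A package under a custom license (one not in the obligations table) is routed to manual review rather than silently dropped, which is the behaviour the Configurable License and Copyright Policies section below describes for custom licenses.

```python
"""Added example (not Protecode's code): build license obligation,
compatibility and attribution reports from a BOM tagged with SPDX ids.

All packages, obligation wording and the incompatibility policy are
constructed for illustration."""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed BOM: (package, version, SPDX license identifier).
BOM: List[Tuple[str, str, str]] = [
    ("libalpha", "2.1.0", "MIT"),
    ("libbeta", "0.8.3", "Apache-2.0"),
    ("libgamma", "1.4.2", "GPL-2.0-only"),
    ("libdelta", "5.0.0", "BSD-3-Clause"),
    ("libepsilon", "1.0.0", "LicenseRef-vendor-eula"),  # custom license, not in OBLIGATIONS
]

# Constructed policy: unordered license pairs the legal team has declared
# incompatible within one distributed binary.
INCOMPATIBLE: Set[FrozenSet[str]] = {
    frozenset({"Apache-2.0", "GPL-2.0-only"}),
}

# Constructed, abbreviated obligation summaries keyed by SPDX id.
OBLIGATIONS: Dict[str, List[str]] = {
    "MIT": ["Retain copyright notice and license text"],
    "BSD-3-Clause": ["Retain copyright notice and license text",
                     "No endorsement using contributor names"],
    "Apache-2.0": ["Retain copyright notice and license text",
                   "Include NOTICE file contents",
                   "State changes made to modified files"],
    "GPL-2.0-only": ["Provide complete corresponding source",
                     "License derivative work under GPL-2.0-only"],
}


def packages_by_license(bom) -> Dict[str, List[str]]:
    """Group package names under each license id found in the BOM."""
    groups = defaultdict(list)
    for name, _version, license_id in bom:
        groups[license_id].append(name)
    return {lic: sorted(pkgs) for lic, pkgs in groups.items()}


def incompatibilities(bom, policy) -> List[Tuple[str, str, List[str], List[str]]]:
    """License Compatibility Report: every policy-listed pair present in the BOM,
    with the packages on each side, so the offending components are named."""
    groups = packages_by_license(bom)
    present = sorted(groups)
    hits = []
    for i, lic_a in enumerate(present):
        for lic_b in present[i + 1:]:
            if frozenset({lic_a, lic_b}) in policy:
                hits.append((lic_a, lic_b, groups[lic_a], groups[lic_b]))
    return hits


def obligation_report(bom) -> Dict[str, List[str]]:
    """License Obligations Report: obligation -> packages that trigger it.
    Unknown (custom) licenses get an explicit manual-review entry."""
    report = defaultdict(set)
    for name, _version, license_id in bom:
        duties = OBLIGATIONS.get(
            license_id, [f"UNKNOWN LICENSE {license_id}: manual review required"])
        for duty in duties:
            report[duty].add(name)
    return {duty: sorted(pkgs) for duty, pkgs in report.items()}


def attribution_text(bom) -> str:
    """Concatenated attribution list, one section per license, ready to ship."""
    lines = []
    for license_id, pkgs in sorted(packages_by_license(bom).items()):
        lines.append(f"{license_id}:")
        lines.extend(f"  - {pkg}" for pkg in pkgs)
    return "\n".join(lines)


if __name__ == "__main__":
    for lic_a, lic_b, pkgs_a, pkgs_b in incompatibilities(BOM, INCOMPATIBLE):
        print(f"INCOMPATIBLE: {lic_a} {pkgs_a} vs {lic_b} {pkgs_b}")
    for duty, pkgs in sorted(obligation_report(BOM).items()):
        print(f"{duty}: {', '.join(pkgs)}")
    print(attribution_text(BOM))
```

The three report functions share one grouping step, so a package that changes license between scans shows up consistently in all three outputs; the manual-review entry for libepsilon is what a policy-driven scan would surface for a license it cannot classify.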

Deep Scanning and Snippet Detection
Detect and report on code snippets or copy/paste code embedded in files that match public domain open source files, and produce a side-by-side similarity comparison of your code and the public domain code.

Configurable License and Copyright Policies
Define your own Intellectual Property (IP) policy templates and apply them to specific scans. Define blacklists and whitelists of known licenses and copyrights, and define the behaviour for custom licenses and copyrights. Protecode Enterprise automatically flags violations of your policies for further investigation. You can choose to ignore common code patterns, or adjust the sensitivity of the analysis.

Export Control and Encryption Reporting
Report on published Export Control Classification Numbers (ECCNs) and encryption content in your project or code portfolio. Many countries have export controls in place that require disclosure of any encryption algorithm embedded in the product.

SPDX Support
Supports the Software Package Data Exchange (SPDX) standard. Protecode Enterprise can both read and generate SPDX files.

Reporting Options
Create reports in HTML, spreadsheet, or popular documentation formats.

Supported Languages

  • C, C++
  • C#
  • Objective C
  • Java
  • JavaScript
  • Pascal
  • Perl
  • PHP
  • Python
  • Ruby
  • Visual Basic

Supported Environments

  • Multi-core processor
  • Windows or Linux
  • 8 GB+ RAM; 2 GB minimum disk space recommended

Supported File Types

  • Source files
  • Binary files
  • Archive files