Case Study: JDA Software Group achieves automated open-source security and license compliance with Synopsys Black Duck

JDA Software Extending a Secure SDLC to Remediate Open Source Security Issues

JDA Software, a $1B+ global leader in supply‑chain solutions with 100+ products, faced growing risk from widespread use of open source components across its portfolio. Without an accurate bill of materials or automated tracking, JDA struggled to discover vulnerabilities and license conflicts—exposing products and customers to security and compliance gaps and making timely patching impossible.

JDA implemented Synopsys Black Duck Code Center (2015) and Black Duck SCA (2017), integrating them into CI/CD pipelines and Jira to automate component approval, policy enforcement, and remediation workflows. The result was an accurate BOM for every product, automated tracking and fixing of security and license issues, stronger release gating, lower overhead, and confidence that products ship without unmanaged open source risks.

JDA Software Group

John Vrankovich

Principal Architect