Case Study: UROS achieves real-time visibility into licensing and dependency conflicts with Synopsys Black Duck

UROS Exposing Licensing and Dependency Conflicts in Real Time

UROS, a Finnish multinational that builds IoT connectivity and cloud solutions, faced a growing AppSec challenge as it shifted to a DevOps model: its GitHub and custom open-source scanners lacked the scope and scale to surface transitive dependencies, license conflicts, and vulnerabilities early in the SDLC. Hidden licensing obligations and limited visibility were creating legal and security risk as development speed increased.

To address this, UROS implemented Synopsys Black Duck SCA to automate discovery of declared and transitive open-source components, track licensing, and deliver real-time scan results. The tool quickly revealed implicit dependencies and licensing issues, reduced manual effort, enabled continuous security in the pipeline, and materially improved UROS’s security posture and customer confidence.

UROS

Jari Korkiakoski

Chief Architect