Black Duck has more than 15 years of experience helping legal, development, and security teams around the world manage the risks of using open source. Its solutions are built on the Black Duck KnowledgeBase, a complete database of open source license, component, and vulnerability information. Black Duck software composition analysis (SCA) tools and open source audits provide the insight you need to monitor the open source in your code, minimize license compliance and security risks, and automatically enforce open source policies using your existing DevOps processes and tools.
The Black Duck platform combines advanced remediation guidance, improved vulnerability data, binary analysis, snippet matching, file system scanning, dependency analysis, and multifactor open source discovery. This software is used by more than 2,000 organizations across the world, including leading brands like NEC, Otis, SAP, Siemens, and Samsung.
Utilize Multifactor Open Source Identification
Detect unique hash signatures, declared components, and dependencies resolved during a build.
Produce a Comprehensive Inventory of Open Source in Use
Monitor all third-party versions, licenses, and components contained in your apps.
Map Your Bill of Materials (BoM)
Map your BoM onto a large knowledge base of open source license, vulnerability, and project data. Make educated decisions with pertinent risk metrics and actionable remediation guidance.
Gain Deep Vulnerability Insight
Access in-depth security risk insights provided by the Cybersecurity Research Center (CyRC). Get notifications about new vulnerabilities up to three weeks before they are posted in the NVD, decreasing your exposure window.
Manage Security as Dangers Evolve
Automatically get alerts for newly discovered vulnerabilities in the dependencies and components in your BoM.
Scan Virtually Any Firmware or Software Swiftly
This includes mobile and desktop applications, virtual appliances, embedded system firmware, and more.
Assess without Source Code
Just upload the software you wish to evaluate, and Black Duck performs a comprehensive binary analysis quickly.
Acquire an Inclusive Bill of Materials (BoM)
Spot and catalog all third-party software licenses and components.
Make Educated Decisions about Software Use
Minimize security risks and the danger of license noncompliance. Pinpoint recognized open source vulnerabilities, application permission requirements, sources of confidential data leakage, and licensing obligations.
Uphold Security as Risks Evolve
Automatically get alerts for newly discovered vulnerabilities in previously scanned solutions.
Black Duck software pricing information is not publicly available. Contact the vendor, Synopsys, for current pricing details.