Market Presence: Application Security Testing, Software Supply Chain Security

Overview

Product Information on Black Duck Software Composition Analysis

Updated 15th April 2026

What is Black Duck Software Composition Analysis?

Black Duck Software Composition Analysis is a software supply chain security solution for managing security, license compliance and code quality risks that come from the use of open source in applications, containers, and any other software artifact or binary. Black Duck SCA gives you visibility into third-party dependencies using multiple discovery techniques to generate a complete and accurate software bill of materials (SBOM). For every dependency identified, it evaluates the associated risk and guides prioritization and remediation efforts, enabling teams to manage risk introduced by their software supply chain.

Black Duck Software Composition Analysis Pricing

Annual contract based on team size and number of code bases analyzed by the product.

Overall experience with Black Duck Software Composition Analysis

Manager, IT Security and Risk Management
30B + USD, Software
FAVORABLE

“BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues”

5.0
Feb 26, 2026
BlackDuck provides robust REST API and CLI capabilities for seamless integration and automation with other tools. It helps in automating DevSecOps effectively by automating policy enforcement for projects, pull request decoration with Rapid scan feature and reporting capability with Reporting Database and SBOM report.
Software Developer
3B - 10B USD, IT Services
CRITICAL

“Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck”

2.0
Apr 17, 2026
Black Duck performs very poorly outside of a very narrow set of expected use cases. When used with C++ (via Bazel or other build systems) it did not identify components correctly, missed many, and many false alarms. I no longer use the product. Also, the integration tooling is very poor and doesn't even support some of our major platforms (e.g. arm64 macOS).


Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.


Black Duck Software Composition Analysis

by Black Duck
4.2

About Company

Company Description

Updated 15th April 2026

Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it, development and DevSecOps teams to automate testing within development pipelines without compromising velocity, and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.

Company Details

Updated 15th April 2026
Year Founded: 2002
Head office location: Burlington, United States
Number of employees: 1001 - 5000
Website: https://blackduck.com



Black Duck Software Composition Analysis Likes & Dislikes

Like

Black Duck provides strong Knowledge Base Data and License Data, along with NVD alerts, BD-SCA provides BDSA which is curated by a dedicated security team. With the new AI model Scanning capability which helps our organisation to manage the licensing and security risk effectively.

Like

The UI for reporting software composition is very nice.

Like

1. Ease of use and search capabilities. 2. Integrates with our Power BI - dashboards help us track the security posture of our products. 3. The support team is responsive, honest and overall we are satisfied.

Dislike

Performance issues especially while loading the projects. BlackDuck SCA Dashboard. Limited LDAP Server capabilities.

Dislike

SBOM import doesn't work, composition scanning seems to generally not work for C, makes lots of assumptions like assigning arbitrary (incorrect) version numbers and licenses

Dislike

The reporting bug that they've had in the product for about 4 releases now. We have mitigated the issues and yet they still appear as open, which leads to a misleading status.

Top Black Duck Software Composition Analysis Alternatives

1. Veracode: 4.6 (419 Ratings)
2. Checkmarx SAST: 4.6 (400 Ratings)
3. Fluid Attacks Continuous Hacking: 4.8 (274 Ratings)


Black Duck Software Composition Analysis Reviews and Ratings

  • Manager, IT Security and Risk Management
    10B+ USD
    Software

    BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues

    5.0
    Feb 26, 2026
    BlackDuck provides robust REST API and CLI capabilities for seamless integration and automation with other tools. It helps in automating DevSecOps effectively by automating policy enforcement for projects, pull request decoration with Rapid scan feature and reporting capability with Reporting Database and SBOM report.
  • Software Developer
    1B-10B USD
    IT Services

    Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck

    2.0
    Apr 17, 2026
    Black Duck performs very poorly outside of a very narrow set of expected use cases. When used with C++ (via Bazel or other build systems) it did not identify components correctly, missed many, and many false alarms. I no longer use the product. Also, the integration tooling is very poor and doesn't even support some of our major platforms (e.g. arm64 macOS).
  • Research and Development Associate
    1B-10B USD
    Software

    Black Duck - an excellent SCA tool

    4.0
    Jan 12, 2026
    Black Duck helps us greatly in identifying critical vulnerabilities. We did encounter a reporting bug that was not fixed over several releases, hence the non-perfect score.
  • Manager, IT Security and Risk Management
    10B+ USD
    Banking

    Dated User Interface and Deployment Challenges Highlighted in Platform Feedback

    3.0
    Jan 12, 2026
    The design of the on-prem version of the platform is a bit dated. It required a considerable amount of engineering effort to operate the platform.
  • VP, COMPLIANCE AND RISK MANAGEMENT
    <50M USD
    Services (non-Government)

    Best-in-class SCA tool with Flexible Policy Management

    5.0
    Oct 13, 2025
    Best in class Software Composition Analysis tool. Wide language support. Open Source components identification using various scanners, including binary analysis and a rich knowledgebase.
...
Showing Result 1-5 of 105

4.2

(103 Ratings)

Rating Distribution

5 Star: 47%
4 Star: 44%
3 Star: 9%
2 Star: 1%
1 Star: 0%

Customer Experience

Evaluation & Contracting: 4.4
Integration & Deployment: 4.4
Service & Support: 4.5
Product Capabilities: 4.5