Overview
Product Information on Black Duck Software Composition Analysis
What is Black Duck Software Composition Analysis?
Black Duck Software Composition Analysis Pricing
Black Duck Software Composition Analysis Product Images
Overall experience with Black Duck Software Composition Analysis
“Best-in-class SCA tool with Flexible Policy Management”
“Dated User Interface and Deployment Challenges Highlighted in Platform Feedback”
About Company
Company Description
Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it; development and DevSecOps teams to automate testing within development pipelines without compromising velocity; and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.
Company Details
Do You Manage Peer Insights at Black Duck?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Black Duck Software Composition Analysis
Deciding Factors: Black Duck Software Composition Analysis Vs. Market Average
Performance of Black Duck Software Composition Analysis Across Market Features
Black Duck Software Composition Analysis Likes & Dislikes
The combination of high security and license compliance capabilities with flexible policies makes BlackDuck Software Composition Analysis the perfect tool for companies that wish to manage Open Source at a high level. There is no need for any additional complementary tools to manage Open Source.
1. Responsive and professional support team. Very fast response time to support tickets and can always resolve our issues in one or two rounds of communication. 2. Good documentation of the product. 3. Black duck has it's own research team with it's own vulnerability database.
Black Duck provides strong Knowledge Base Data and License Data, along with NVD alerts, BD-SCA provides BDSA which is curated by a dedicated security team. With the new AI model Scanning capability which helps our organisation to manage the licensing and security risk effectively.
Black Duck Software Composition Analysis tool comes with a high price tag and a minimum developer plan, which may not fit many small software companies.
1. The UX is a bit dated and not the most intuitive to use. 2. Deployment is hard to manage. HA requires two full stack deployments. Also, the product is only released quarterly, hence a lot of vulnerabilities in the product itself can't be patched in a timely manner. 3. Tend to have many bugs in every version.
Performance issues especially while loading the projects. BlackDuck SCA Dashboard. Limited LDAP Server capabilities.
Top Black Duck Software Composition Analysis Alternatives
Peer Discussions
Black Duck Software Composition Analysis Reviews and Ratings
- VP, COMPLIANCE AND RISK MANAGEMENT<50M USDServices (non-Government)Review Source
Best-in-class SCA tool with Flexible Policy Management
Best in class Software Composition Analysis tool. Wide language support. Open Source components identification using various scanners, including binary analysis and a rich knowledgebase. - Manager, IT Security and Risk Management10B+ USDSoftwareReview Source
BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues
BlackDuck provides robust REST API and CLI capabilities for seamless integration and automation with other tools. It helps in automating DevSecOps effectively by automating policy enforcement for projects, pull request decoration with Rapid scan feature and reporting capability with Reporting Database and SBOM report. - Research and Development Associate1B-10B USDSoftwareReview Source
Black Duck - an excellent SCA tool
Black duck helps us greatly in identifying critical vulnerabilities. We did encounter a reporting buf that was not fixed over several releases, hence the non-perfect score. - Manager, It Security And Risk Management10B+ USDBankingReview Source
Dated User Interface and Deployment Challenges Highlighted in Platform Feedback
The design of the on-prem version of the platform is a bit dated. It required a considerable amount of the engineering effort to operate the platform. - Security & Risk Management50M-1B USDTelecommunicationReview Source
Transparency in CVE Status Reporting and Database Updates Remain Key User Concerns
Black Duck is the only SCA solution we found which supports both C/C++ source code/binary detection, and can be deployed in pravacy. This solution has strong ability/power in component analysis, and the vulnerabilities database is really up-to-date. We can find further and deeply support in CVE management and fix issues. Also the vendors' technical support is so strong, any problems/issues can be solved in really short time.