Name: Black Duck Software Composition Analysis
Rating: 4.3 (106 reviews)

Overview

Product Information on Black Duck Software Composition Analysis

Updated 15th April 2026

What is Black Duck Software Composition Analysis?

Black Duck Software Composition Analysis is a software supply chain security solution for managing security, license compliance and code quality risks that come from the use of open source in applications, containers, and any other software artifact or binary. Black Duck SCA gives you visibility into third-party dependencies using multiple discovery techniques to generate a complete and accurate software bill of materials (SBOM). And, for every dependency identified, conducts an evaluation for associated risk and guides prioritization and remediation efforts, enabling teams to manage risk introduced by their software supply chain.

Overall experience with Black Duck Software Composition Analysis

Software Developer

1B - 3B USD, Software

FAVORABLE

“CI/CD Integration Enables Streamlined Vulnerability Checks and Compliance Management”

5.0

Apr 23, 2026

Blackduck has been a great product overall for everything related to OSS scanning and vulnerability checks for all of our projects scanning, it provides good insights on packages and dependencies. The integration with our CI/CD has been very smooth and adds significant value to our work.

Software Developer

3B - 10B USD, IT Services

CRITICAL

“Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck”

2.0

Apr 17, 2026

Black Duck performs very poorly outside of a very narrow set of expected use cases. When used with C++ (via Bazel or other build systems) it did not identify components correctly, missed many, and many false alarms. I no longer use the product. Also, the integration tooling is very poor and doesn't even support some of our major platforms (e.g. arm64 macOS).

About Company

Company Description

Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it, development and DevSecOps teams to automate testing within development pipelines without compromising velocity, and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.

Company Details

Year Founded

2002

Head office location

Burlington, United States

Number of employees

1001 - 5000

Website

https://blackduck.com

Do You Manage Peer Insights at Black Duck?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: Black Duck Software Composition Analysis

Deciding Factors: Black Duck Software Composition Analysis Vs. Market Average

Performance of Black Duck Software Composition Analysis Across Market Features

Black Duck Software Composition Analysis Likes & Dislikes

Comphrensive visibility, accurate vulnerability detection, efficient compliance support, integration support and also managing our devops ecosystem

The UI for reporting software composition is very nice.

Black Duck provides strong Knowledge Base Data and License Data, along with NVD alerts, BD-SCA provides BDSA which is curated by a dedicated security team. With the new AI model Scanning capability which helps our organisation to manage the licensing and security risk effectively.

Limited traceability of history, Reports can be difficult to understand for non-security teams and performance optimization for large projects scans.

SBOM import doesn't work, composition scanning seems to generally not work for C, makes lots of assumptions like assigning arbitrary (incorrect) version numbers and licenses

Performance issues especially while loading the projects. BlackDuck SCA Dashboard. Limited LDAP Server capabilities.

Top Black Duck Software Composition Analysis Alternatives

Peer Discussions

Black Duck Software Composition Analysis Reviews and Ratings

Recommended Gartner Insights

1B-10B USD

Software

Review Source

CI/CD Integration Enables Streamlined Vulnerability Checks and Compliance Management

Apr 22, 2026

Manager, IT Security and Risk Management

10B+ USD

BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues

Feb 26, 2026

BlackDuck provides robust REST API and CLI capabilities for seamless integration and automation with other tools. It helps in automating DevSecOps effectively by automating policy enforcement for projects, pull request decoration with Rapid scan feature and reporting capability with Reporting Database and SBOM report.

IT Services

Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck

Research and Development Associate

Black Duck - an excellent SCA tool

4.0

Jan 12, 2026

Black duck helps us greatly in identifying critical vulnerabilities. We did encounter a reporting buf that was not fixed over several releases, hence the non-perfect score.

IT Manager

Manufacturing

BlackDuck SCA Offers Strong Risk Detection But Faces Governance Limitations

BlackDuck SCA is outstanding when setup the right way with CI/CD and Policy setup. The setup process and overall governance features within the tool need some improvements though.

Overview

Product Information on Black Duck Software Composition Analysis

What is Black Duck Software Composition Analysis?

Black Duck Software Composition Analysis Pricing

Overall experience with Black Duck Software Composition Analysis

“CI/CD Integration Enables Streamlined Vulnerability Checks and Compliance Management”

“Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck”

About Company

Company Description

Company Details

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: Black Duck Software Composition Analysis

Deciding Factors: Black Duck Software Composition Analysis Vs. Market Average

Performance of Black Duck Software Composition Analysis Across Market Features

Black Duck Software Composition Analysis Likes & Dislikes

Top Black Duck Software Composition Analysis Alternatives

Peer Discussions

Black Duck Software Composition Analysis Reviews and Ratings

Recommended Gartner Insights

About Company

Company Description

Company Details

Reviewer Insights for: Black Duck Software Composition Analysis

Deciding Factors: Black Duck Software Composition Analysis Vs. Market Average

Performance of Black Duck Software Composition Analysis Across Market Features

Black Duck Software Composition Analysis Likes & Dislikes

Recommended Gartner Insights

Top Black Duck Software Composition Analysis Alternatives

Black Duck Software Composition Analysis Reviews and Ratings

1. Veracode

2. Checkmarx SAST

3. Fluid Attacks Continuous Hacking

CI/CD Integration Enables Streamlined Vulnerability Checks and Compliance Management

BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues

Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck

Black Duck - an excellent SCA tool

BlackDuck SCA Offers Strong Risk Detection But Faces Governance Limitations

4.3

(106 Ratings)

Rating Distribution

Customer Experience

Product Capabilities