Overview
Product Information on Black Duck Software Composition Analysis
About Company
Company Description
Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it, development and DevSecOps teams to automate testing within development pipelines without compromising velocity, and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.
Black Duck Software Composition Analysis Reviews and Ratings
- Software Developer | 1B-10B USD | Software
  CI/CD Integration Enables Streamlined Vulnerability Checks and Compliance Management
  Blackduck has been a great product overall for everything related to OSS scanning and vulnerability checks for all of our projects scanning, it provides good insights on packages and dependencies. The integration with our CI/CD has been very smooth and adds significant value to our work.

- Manager, IT Security and Risk Management | 10B+ USD | Software
  BlackDuck Offers Robust Integration and Reporting Yet Faces Dashboard Performance Issues
  BlackDuck provides robust REST API and CLI capabilities for seamless integration and automation with other tools. It helps in automating DevSecOps effectively by automating policy enforcement for projects, pull request decoration with Rapid scan feature and reporting capability with Reporting Database and SBOM report.

- Software Developer | 1B-10B USD | IT Services
  Limited Accuracy for C++ Scanning and Integration Issues Identified With Black Duck
  Black Duck performs very poorly outside of a very narrow set of expected use cases. When used with C++ (via Bazel or other build systems) it did not identify components correctly, missed many, and many false alarms. I no longer use the product. Also, the integration tooling is very poor and doesn't even support some of our major platforms (e.g. arm64 macOS).

- Research and Development Associate | 1B-10B USD | Software
  Black Duck - an excellent SCA tool
  Black duck helps us greatly in identifying critical vulnerabilities. We did encounter a reporting bug that was not fixed over several releases, hence the non-perfect score.

- IT Manager | 10B+ USD | Manufacturing
  BlackDuck SCA Offers Strong Risk Detection But Faces Governance Limitations
  BlackDuck SCA is outstanding when set up the right way with CI/CD and Policy setup. The setup process and overall governance features within the tool need some improvements though.



