Overview
Product Information on Black Duck Software Composition Analysis
Overall experience with Black Duck Software Composition Analysis
“Black Duck - an excellent SCA tool”
“General review - Black Duck”
About Company
Company Description
Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it; development and DevSecOps teams to automate testing within development pipelines without compromising velocity; and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Black Duck Software Composition Analysis Likes & Dislikes
1. Ease of use and search capabilities. 2. Integrates with our Power BI - dashboards help us track the security posture of our products. 3. The support team is responsive, honest and overall we are satisfied.
Very useful to figure out vulnerabilities in the various open-source libraries. Ensures accurate overall security, compliance, and risk management. Also, it has quick inventory scanning as well that analyzes quickly.
1. Ability to quickly and accurately identify components 2. CVE database, useful analysis and patches 3. Policy management to quickly address the unallowed component and projects
The reporting bug that they've had in the product for about 4 releases now. We have mitigated the issues and yet they still appear as open, which leads to a misleading status.
Rather outdated UX design, the cost is too expensive. There should be more documentation for users and community.
The database update, users/administrators have no idea about the status of the database, we don't know if the database is updating or upgrading, usually when we open a project, it shows the SBOM is refreshing, we shall check later. That should happen on the backend. Also, I don't like the idea that we can't show our CVE management to customers. We need a feature to show our CVE status, i.e., fixed, ignored, not affected with comments to customers, notify bodies or regulators. We also need Black Duck to support the CVE management deliverables, a machine-readable file generated with all your work on the project, and you can send it to up and down stream for a cooperation. That would help a lot but I haven't found it yet.
Black Duck Software Composition Analysis Reviews and Ratings
- Research and Development Associate, 1B-10B USD, Software
Black Duck - an excellent SCA tool
Black Duck helps us greatly in identifying critical vulnerabilities. We did encounter a reporting bug that was not fixed over several releases, hence the non-perfect score.

- Security & Risk Management, 50M-1B USD, Telecommunication
Transparency in CVE Status Reporting and Database Updates Remain Key User Concerns
Black Duck is the only SCA solution we found which supports both C/C++ source code/binary detection, and can be deployed in privacy. This solution has strong ability/power in component analysis, and the vulnerabilities database is really up-to-date. We can find further and deeply support in CVE management and fix issues. Also the vendors' technical support is so strong, any problems/issues can be solved in really short time.

- IT Security Specialist, Gov't/PS/Ed, Government
BlackDuck's Intuitive Interface Covers All Programming Languages
BlackDuck was easy to set up and the vendor provided clear instructions on the configuration.

- Senior Director of Software Development, 50M-1B USD, Software
BlackDuck SCA Tool - Strengths and Weaknesses
SCA tool does a good job of identifying the open-source vulnerabilities and license risks. The user interface is very intuitive and simple to use.

- Software Developer, 50M-1B USD, Hardware
Black Duck Binary Analysis (BDBA) is an excellent SCA tool.
Using Black Duck Binary Analysis. The advantage is that we can easily create SBOMs and Reports from binary files.



