Overview
Product Information on Black Duck Software Composition Analysis
What is Black Duck Software Composition Analysis?
Black Duck Software Composition Analysis Pricing
Black Duck Software Composition Analysis Product Images
Overall experience with Black Duck Software Composition Analysis
“Best-in-class SCA tool with Flexible Policy Management”
“Dated User Interface and Deployment Challenges Highlighted in Platform Feedback”
About Company
Company Description
Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it; development and DevSecOps teams to automate testing within development pipelines without compromising velocity; and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.
Company Details
Do You Manage Peer Insights at Black Duck?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Black Duck Software Composition Analysis
Performance of Black Duck Software Composition Analysis Across Market Features
Black Duck Software Composition Analysis Likes & Dislikes
The combination of high security and license compliance capabilities with flexible policies makes BlackDuck Software Composition Analysis the perfect tool for companies that wish to manage Open Source at a high level. There is no need for any additional complementary tools to manage Open Source.
1. Responsive and professional support team. Very fast response time to support tickets and can always resolve our issues in one or two rounds of communication. 2. Good documentation of the product. 3. Black duck has it's own research team with it's own vulnerability database.
Excellent potential to eradicate security threats, many features, easy to integrate
Black Duck Software Composition Analysis tool comes with a high price tag and a minimum developer plan, which may not fit many small software companies.
1. The UX is a bit dated and not the most intuitive to use. 2. Deployment is hard to manage. HA requires two full stack deployments. Also, the product is only released quarterly, hence a lot of vulnerabilities in the product itself can't be patched in a timely manner. 3. Tend to have many bugs in every version.
Cost wise slightly expensive, UI can be improved and strengthen to cover many more security parts
Top Black Duck Software Composition Analysis Alternatives
Peer Discussions
Black Duck Software Composition Analysis Reviews and Ratings
- VP, COMPLIANCE AND RISK MANAGEMENT<50M USDServices (non-Government)Review Source
Best-in-class SCA tool with Flexible Policy Management
Best in class Software Composition Analysis tool. Wide language support. Open Source components identification using various scanners, including binary analysis and a rich knowledgebase. - Manager, It Security And Risk Management10B+ USDBankingReview Source
Dated User Interface and Deployment Challenges Highlighted in Platform Feedback
The design of the on-prem version of the platform is a bit dated. It required a considerable amount of the engineering effort to operate the platform. - ASSOCIATE SOFTWARE DEVELOPMENT ENGINEER1B-10B USDHardwareReview Source
Great tool for functionally safe projects
Recently started using Blackduck SCA and it's been great using it for identifying potential threats and potential data threats - PRINCIPAL SECURITY ENGINEER50M-1B USDMiscellaneousReview Source
Great for tracking OSS in use and generating SBOM
Black Duck provides a critical service for us with Open Source Software we use. As long as this product has been around, it is still not ideal to be used at Enterprise level. It is not a product easy to scale out and does not support any type of load balancing. - CYBER SECURITY50M-1B USDBankingReview Source
Black Duck helps us to find vulnerabilities in our application
Black Duck helps us find vulnerabilities in our application by categories into 3 components. 1. Security risk in library 2. Library licensing agreement 3. Operation risk in library Which is really strange forward and easy for developer to understand and flexible for fixing. Black duck has ability to go through every part in the code to scan for vulnerabilities and show specific dependency.