Acunetix by Invicti vs. Black Duck Software Composition Analysis (SCA)

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Acunetix by Invicti
Score 8.4 out of 10
N/A
AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
Black Duck Software Composition Analysis (SCA)
Score 7.2 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.N/A
Pricing
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Editions & Modules
Websites Scanned: 5
4,500
Websites Scanned: 6-10
7,200
Websites Scanned: 11-20
10,800
Websites Scanned: 21-35
22,540
Websites Scanned: 36-50
26,600
Websites Scanned: Over 50
Contact for quote
No answers on this topic
Offerings
Pricing Offerings
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoYes
Entry-level Setup FeeNo setup feeOptional
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Top Pros
Top Cons
Best Alternatives
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Small Businesses
GitLab
GitLab
Score 8.8 out of 10

No answers on this topic

Medium-sized Companies
GitLab
GitLab
Score 8.8 out of 10
Veracode
Veracode
Score 8.6 out of 10
Enterprises
GitLab
GitLab
Score 8.8 out of 10
Veracode
Veracode
Score 8.6 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Likelihood to Recommend
9.0
(3 ratings)
9.0
(4 ratings)
Support Rating
-
(0 ratings)
8.2
(2 ratings)
User Testimonials
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)
Likelihood to Recommend
Invicti Security
It is best suited for integrated security testing of applications which are hosted on web servers. The most important thing is the integration of DevSecOps which is crucial in today's fast paced environment of rapid development. The core of Acunetix is application scanning which is really great and I highly recommend this product to everyone
Read full review
Synopsys
If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Read full review
Pros
Invicti Security
  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
Read full review
Synopsys
  • Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
  • Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
  • Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Read full review
Cons
Invicti Security
  • Configuration of DevSecOps can be improved for ease
  • Dashboard can have API integration
  • Broaden the scope of vulnerabilities
Read full review
Synopsys
  • License model based on usage is costly.
  • Documentation is extensive, but often confusing.
  • Black Duck Hub could use some feature improvements for more robust governance capabilities
Read full review
Support Rating
Invicti Security
No answers on this topic
Synopsys
Support seems very responsive.
Read full review
Alternatives Considered
Invicti Security
ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.
Read full review
Synopsys
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Read full review
Return on Investment
Invicti Security
  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Read full review
Synopsys
  • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
Read full review
ScreenShots

Acunetix by Invicti Screenshots

Screenshot of DashboardScreenshot of FilteringScreenshot of scan results

Black Duck Software Composition Analysis (SCA) Screenshots

Screenshot of Black Duck helps you find and fix your highest-priority vulnerabilitiesScreenshot of Use Black Duck to comply with open source license obligations and to verify compliance with all open source license  termsScreenshot of Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilitiesScreenshot of Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your applicationScreenshot of The Black Duck security advisory gives the information you need to address security risks and make the fixScreenshot of Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase