Azure DevOps (formerly VSTS, Microsoft Visual Studio Team System) is an agile development product that is an extension of the Microsoft Visual Studio architecture. Azure DevOps includes software development, collaboration, and reporting capabilities.
$2
per GB (first 2GB free)
Black Duck Software Composition Analysis (SCA)
Score 10.0 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
N/A
Pricing
Azure DevOps
Black Duck Software Composition Analysis (SCA)
Editions & Modules
Azure Artifacts
$2
per GB (first 2GB free)
Basic Plan
$6
per user per month (first 5 users free)
Azure Pipelines - Self-Hosted
$15
per extra parallel job (1 free parallel job with unlimited minutes)
Azure Pipelines - Microsoft Hosted
$40
per parallel job (1,800 minutes free with 1 free parallel job)
Basic + Test Plan
$52
per user per month
No answers on this topic
Offerings
Pricing Offerings
Azure DevOps
Black Duck Software Composition Analysis (SCA)
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
Yes
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
Azure DevOps works well when you’ve got larger delivery efforts with multiple teams and a lot of moving parts, and you need one place to plan work, track it properly, and see how everything links together. It’s especially useful when delivery and development are closely tied and you want backlog items, code and releases connected rather than spread across tools. Where it’s less of a fit is for small teams or simple pieces of work, as it can feel like more setup and process than you really need, and non-technical users often struggle with the interface. It also isn’t great if you want instant, easy programme-level views or a very visual planning experience without putting time into configuration.
Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
I did mention it has good visibility in terms of linking, but sometimes items do get lost, so if there was a better way to manage that, that would be great.
The wiki is not the prettiest thing to look at, so it could have refinements there.
I don't think our organization will stray from using VSTS/TFS as we are now looking to upgrade to the 2012 version. Since our business is software development and we want to meet the requirements of CMMI to deliver consistent and high quality software, this SDLC management tool is here to stay. In addition, our company uses a lot of Microsoft products, such as Office 365, Asp.net, etc, and since VSTS/TFS has proved itself invaluable to our own processes and is within the Microsoft family of products, we will continue to use VSTS/TFS for a long, long time.
It's a great help to get more information about new feature release and stay updated on what the dev team is working on. I like how easy it is to just login and read through the work items. Each work item has basic details: Title, Description, Assigned to, State, Area (what it belongs to), and iteration (when it’s worked on). See image above.They move through different states (New → Discovery → Ready for Prod → etc.).
When we've had issues, both Microsoft support and the user community have been very responsive. DevOps has an active developer community and frankly, you can find most of your questions already asked and answered there. Microsoft also does a better job than most software vendors I've worked with creating detailed and frequently updated documentation.
Microsoft Planner is used by project managers and IT service managers across our organization for task tracking and running their team meetings. Azure DevOps works better than Planner for software development teams but might possibly be too complex for non-software teams or more business-focused projects. We also use ServiceNow for IT service management and this tool provides better analysis and tracking of IT incidents, as Azure DevOps is more suited to development and project work for dev teams.
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
We have saved a ton of time not calculating metrics by hand.
We no longer spend time writing out cards during planning, it goes straight to the board.
We no longer track separate documents to track overall department goals. We were able to create customized icons at the department level that lets us track each team's progress against our dept goals.
