Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
N/A
GitHub
Score 9.1 out of 10
N/A
GitHub is a platform that hosts public and private code and provides software development and collaboration tools. Features include version control, issue tracking, code review, team management, syntax highlighting, etc. Personal plans ($0-50), Organizational plans ($0-200), and Enterprise plans are available.
$4
per month per user
Pricing
Black Duck Software Composition Analysis (SCA)
GitHub
Editions & Modules
No answers on this topic
Team
$40
per year per user
Enterprise
$210
per year per user
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)
GitHub
Free Trial
No
Yes
Free/Freemium Version
No
Yes
Premium Consulting/Integration Services
Yes
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
—
More Pricing Information
Community Pulse
Black Duck Software Composition Analysis (SCA)
GitHub
Features
Black Duck Software Composition Analysis (SCA)
GitHub
Version Control Software Features
Comparison of Version Control Software Features features of Product A and Product B
GitHub is an easy to go tool when it comes to Version Controlling, CI/CD workflows, Integration with third party softwares. It's effective for any level of CI/CD implementation you would like to. Also the the cost of product is also very competitive and affordable. As of now GitHub lacks capabilities when it comes to detailed project management in comparison to tools like Jira, but overall its value for money.
Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Version control: GitHub provides a powerful and flexible Git-based version control system that allows teams to track changes to their code over time, collaborate on code with others, and maintain a history of their work.
Code review: GitHub's pull request system enables teams to review code changes, discuss suggestions and merge changes in a central location. This makes it easier to catch bugs and ensure that code quality remains high.
Collaboration: GitHub provides a variety of collaboration tools to help teams work together effectively, including issue tracking, project management, and wikis.
Not an easy tool for beginners. Prior command-line experience is expected to get started with GitHub efficiently.
Unlike other source control platforms GitHub is a little confusing. With no proper GUI tool its hard to understand the source code version/history.
Working with larger files can be tricky. For file sizes above 100MB, GitHub expects the developer to use different commands (lfs).
While using the web version of GitHub, it has some restrictions on the number of files that can be uploaded at once. Recommended action is to use the command-line utility to add and push files into the repository.
GitHub's ease of use and continued investment into the Developer Experience have made it the de facto tool for our engineers to manage software changes. With new features that continue to come out, we have been able to consolidate several other SaaS solutions and reduce the number of tools required for each engineer to perform their job responsibilities.
GitHub is a clean and modern interface. The underlying integrations make it smooth to couple tasks, projects, pull requests and other business functions together. The insights and reporting is really strong and is getting better with every release. GitHub's PR tooling is strong for being web based, i do believe a better code editor would rival having to pull merge conflicts into local IDE.
There are a ton of resources and tutorials for GitHub online. The sheer number of people who use GitHub ensures that someone has the exact answer you are looking for. The docs on GitHub itself are very thorough as well. You will often find an official doc along with the hundreds of independent tutorials that answers your question, which is unusual for most online services.
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
While I don't have very much experience with these 2 solutions, they're two of the most popular alternatives to GitHub. Bitbucket is from Atlassian, which may make sense for a team that is already using other Atlassian tools like Jira, Confluence, and Trello, as their integration will likely be much tighter. Gitlab on the other hand has a reputation as a very capable GitHub replacement with some features that are not available on GitHub like firewall tools.
Team collaboration significantly improved as everything is clearly logged and maintained.
Maintaining a good overview of items will be delivered wrt the roadmap for example.
Knowledge management and tracking. Over time a lot of tickets, issues and comments are logged. GitHub is a great asset to go back and review why x was y.
