Black Duck Software Composition Analysis (SCA) vs. PortSwigger Burp Suite

Black Duck Software Composition Analysis (SCA)

PortSwigger Burp Suite

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Black Duck Software Composition Analysis (SCA)	Score 10.0 out of 10	N/A	Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.	N/A
PortSwigger Burp Suite	Score 9.4 out of 10	N/A	The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.	N/A

Pricing

Black Duck Software Composition Analysis (SCA)

PortSwigger Burp Suite

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Black Duck Software Composition Analysis (SCA)	PortSwigger Burp Suite
Free Trial
No	No
Free/Freemium Version
No	No
Premium Consulting/Integration Services
Yes	No

Entry-level Setup Fee

Optional

No setup fee

Additional Details

Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.

—

More Pricing Information

Community Pulse
	Black Duck Software Composition Analysis (SCA)	PortSwigger Burp Suite

Best Alternatives
	Black Duck Software Composition Analysis (SCA)	PortSwigger Burp Suite
Small Businesses	No answers on this topic	GitLab Score 8.7 out of 10
Medium-sized Companies	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10
Enterprises	Veracode Score 8.8 out of 10	Veracode Score 8.8 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Black Duck Software Composition Analysis (SCA)	PortSwigger Burp Suite
Likelihood to Recommend	10.0 (5 ratings)	9.3 (12 ratings)
Usability	8.0 (1 ratings)	9.4 (5 ratings)
Support Rating	8.2 (2 ratings)	10.0 (3 ratings)

User Testimonials
	Black Duck Software Composition Analysis (SCA)	PortSwigger Burp Suite
Likelihood to Recommend	Synopsys If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production Incentivized Verified User Anonymous Read full review	PortSwigger Web Security Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete. Incentivized Glenn Jones Sr. Systems and Security Architect Read full review
Pros	Synopsys Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code. Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code. Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps. Incentivized Rajiv Aradhyula Sr. Specialist Cloud Architect Read full review	PortSwigger Web Security The passive scan feature is really awesome, it kind of covers areas that you might miss. The CSRF POC is really helpful to my team. It helps development team see the issue and understand it. Burp intruder and repeater are the features I myself and my team uses the most as it helps us use our payloads in a variety of different ways. Active scan helps the team to ensure coverage for the whole application. Melvin John Manager - Security Testing Read full review
Cons	Synopsys License model based on usage is costly. Documentation is extensive, but often confusing. Black Duck Hub could use some feature improvements for more robust governance capabilities Incentivized Emmanuel Canaan Project Manager, Technology Operations Read full review	PortSwigger Web Security The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improvised and made more presentable. Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner almost wastes most of the time in finding and understanding the features and the implementation of the same. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts. Incentivized Verified User Anonymous Read full review
Usability	Synopsys If you don’t know how to scan for the language, it isn’t entirely user friendly Incentivized Suzanne Desmond Cloud DevOps Engineer Read full review	PortSwigger Web Security The workflow between features like Proxy, Scanner, Intruder, and Repeater feels seamless, making it easy to intercept, manipulate, and analyze web traffic. Despite its advanced capabilities, the tool remains accessible and flexible, which significantly speeds up testing without overwhelming the user. Incentivized Verified User Anonymous Read full review
Support Rating	Synopsys Support seems very responsive. Incentivized Verified User Anonymous Read full review	PortSwigger Web Security BurpSuite does not have an amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still at time professional support helps you solve the problem in much less time and make your operations go smoothly. Incentivized Verified User Anonymous Read full review
Alternatives Considered	Synopsys Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports. Incentivized Rajiv Aradhyula Sr. Specialist Cloud Architect Read full review	PortSwigger Web Security Each tool is specific and are good for what they do. While Burp Suite can perform some level of the same functions, somehow security consultants prefer these tools as additional to the Burp Suite. Maybe due to open source and easy setup when compared to Burp Suite. But Burp Suite allows for one tool for many templates for each project. Incentivized Verified User Anonymous Read full review
Return on Investment	Synopsys It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen. Incentivized Emmanuel Canaan Project Manager, Technology Operations Read full review	PortSwigger Web Security Scanned 100% of the orgs public facing web sites with a small team of analysts. Provided a reputable second opinion source to back up the other product in use i.e. Webinspect. Pro version $350 is amazing ROI, considering the thwarted attacks and that it's competition is priced in the tens of thousands last I checked. No successful hacks. Q.E.D. :-) Incentivized Dan Fluharty Program Manager, Cybersecurity Assessments Read full review
ScreenShots	Black Duck Software Composition Analysis (SCA) Screenshots