Black Duck Software Composition Analysis (SCA) vs. ProGet

Black Duck Software Composition Analysis (SCA)

ProGet

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Black Duck Software Composition Analysis (SCA)	Score 10.0 out of 10	N/A	Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.	N/A
ProGet	Score 9.1 out of 10	N/A	inedo offers ProGet, a software repository and package management solution.	N/A

Pricing

Black Duck Software Composition Analysis (SCA)

ProGet

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Black Duck Software Composition Analysis (SCA)	ProGet
Free Trial
No	No
Free/Freemium Version
No	No
Premium Consulting/Integration Services
Yes	No

Entry-level Setup Fee

Optional

No setup fee

Additional Details

Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.

—

More Pricing Information

Community Pulse
	Black Duck Software Composition Analysis (SCA)	ProGet

Best Alternatives
	Black Duck Software Composition Analysis (SCA)	ProGet
Small Businesses	No answers on this topic	Git Score 10.0 out of 10
Medium-sized Companies	Veracode Score 8.8 out of 10	Git Score 10.0 out of 10
Enterprises	Veracode Score 8.8 out of 10	Git Score 10.0 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Black Duck Software Composition Analysis (SCA)	ProGet
Likelihood to Recommend	10.0 (5 ratings)	9.1 (1 ratings)
Usability	8.0 (1 ratings)	- (0 ratings)
Support Rating	8.2 (2 ratings)	- (0 ratings)

User Testimonials
	Black Duck Software Composition Analysis (SCA)	ProGet
Likelihood to Recommend	Synopsys If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production Incentivized Verified User Anonymous Read full review	Inedo As of current, the only artifactory management tool that I would recommend is ProGet. The free version is plentiful in features, supporting all feed types that the paid plans do. The paid plans also add even more capabilities on top of the free plan, such as data retention policies, which helps to minimize storage waste on my server and keep everything clean. Incentivized HW Hunter Wittenborn Linux Sysadmin Read full review
Pros	Synopsys Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code. Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code. Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps. Incentivized Rajiv Aradhyula Sr. Specialist Cloud Architect Read full review	Inedo The Docker registry feature works great. Compared to Sonatype Nexus 3, I don't need to set up extra ports, as everything just works off the port ProGet itself is running on. Debian feeds support automatic GPG key generation, without me having to create or manage them myself. This is another spot where ProGet is better than Nexus, as you have to manually create and specify a key with Nexus, while ProGet simply handles it all for you. Incentivized HW Hunter Wittenborn Linux Sysadmin Read full review
Cons	Synopsys License model based on usage is costly. Documentation is extensive, but often confusing. Black Duck Hub could use some feature improvements for more robust governance capabilities Incentivized Emmanuel Canaan Project Manager, Technology Operations Read full review	Inedo When running ProGet inside of a Docker container, changes to some settings requires a manual restart of the container (i.e. with 'docker restart x'). Incentivized HW Hunter Wittenborn Linux Sysadmin Read full review
Usability	Synopsys If you don’t know how to scan for the language, it isn’t entirely user friendly Incentivized Suzanne Desmond Cloud DevOps Engineer Read full review	Inedo No answers on this topic
Support Rating	Synopsys Support seems very responsive. Incentivized Verified User Anonymous Read full review	Inedo No answers on this topic
Alternatives Considered	Synopsys Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports. Incentivized Rajiv Aradhyula Sr. Specialist Cloud Architect Read full review	Inedo Both Sonatype Nexus 3 and ProGet support all the feed types I use, but ProGet simply does them better. The Docker feeds run on the same port as ProGet itself, while Nexus requires additional ports to be set up, which can be a burden when running in Docker. Debian feeds also support GPG key creation without having to manually specify one, again, reducing the burden for me to manually do things, allowing me to set up and distribute my programs even quicker. Incentivized HW Hunter Wittenborn Linux Sysadmin Read full review
Return on Investment	Synopsys It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen. Incentivized Emmanuel Canaan Project Manager, Technology Operations Read full review	Inedo I don't need to develop custom solutions for distributing my software, as ProGet does it all for me. ProGet also integrates easily into my CI systems, with a fully-featured API that allows me to upload packages right after building. Incentivized HW Hunter Wittenborn Linux Sysadmin Read full review
ScreenShots	Black Duck Software Composition Analysis (SCA) Screenshots