TrustRadius

Black Duck Software Composition Analysis (SCA) vs. Qualys TruRisk Platform

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Black Duck Software Composition Analysis (SCA)
Score 9.9 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.N/A
Qualys TruRisk Platform
Score 6.1 out of 10
N/A
Qualys TruRisk Platform (formerly Qualys Cloud Platform, or Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.N/A
Pricing
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
YesNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Features
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Black Duck Software Composition Analysis (SCA)
-
Ratings
Qualys TruRisk Platform
8.7
7 Ratings
8% above category average
Network Analytics00 Ratings8.96 Ratings
Threat Recognition00 Ratings8.37 Ratings
Vulnerability Classification00 Ratings8.87 Ratings
Automated Alerts and Reporting00 Ratings9.07 Ratings
Threat Analysis00 Ratings8.27 Ratings
Threat Intelligence Reporting00 Ratings8.97 Ratings
Automated Threat Identification00 Ratings8.77 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Black Duck Software Composition Analysis (SCA)
-
Ratings
Qualys TruRisk Platform
8.5
9 Ratings
4% above category average
IT Asset Realization00 Ratings8.89 Ratings
Authentication00 Ratings7.96 Ratings
Configuration Monitoring00 Ratings8.57 Ratings
Web Scanning00 Ratings8.88 Ratings
Vulnerability Intelligence00 Ratings8.67 Ratings
Best Alternatives
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Small Businesses

No answers on this topic

Action1
Action1
Score 9.4 out of 10
Medium-sized Companies
Veracode
Veracode
Score 9.2 out of 10
Action1
Action1
Score 9.4 out of 10
Enterprises
Veracode
Veracode
Score 9.2 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Likelihood to Recommend
10.0
(5 ratings)
8.6
(25 ratings)
Usability
8.0
(1 ratings)
2.0
(1 ratings)
Support Rating
8.2
(2 ratings)
5.0
(7 ratings)
User Testimonials
Black Duck Software Composition Analysis (SCA)Qualys TruRisk Platform
Likelihood to Recommend
Synopsys
If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Verified User
Anonymous
Read full review
Qualys
Qualys Cloud Platform is well suited for organizations that need additional tools to secure and bolster their security from end to end. The automated, real-time threat protection is very quick to notify an admin of potential vulnerabilities and risks, as well as recommending quick fixes to resolve/close the gap before an incident occurs. QCP excels at portraying all of these in a single pane of glass, and find that the Qualys reports are more detailed than competitor product lines. One of our big issues with QCP is that you do have to pay for each scanner, which can quickly add up to large costs. For this reason, I would rate Qualys at a ~7 due to great features and functionality, but overall value could be better for a large organization. I would also say that QCP may make more sense for smaller organizations due to this pricing model.
Verified User
Anonymous
Read full review
Pros
Synopsys
  • Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
  • Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
  • Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Qualys
  • It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
  • It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
  • It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
Verified User
Anonymous
Read full review
Cons
Synopsys
  • License model based on usage is costly.
  • Documentation is extensive, but often confusing.
  • Black Duck Hub could use some feature improvements for more robust governance capabilities
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Qualys
  • This program is really complicated, the multiple functions that are presented to us are not very clear and in some cases, it is a matter of intuition to execute a function, it is not very informative.
  • The interface of this program can be a real problem; for our taste, this program looks a bit messy, and the interface does not help or guide you to find the options you need.
Henry Coronel | TrustRadius Reviewer
Henry Coronel
Systems Product Engineer
Read full review
Usability
Synopsys
If you don’t know how to scan for the language, it isn’t entirely user friendly
Suzanne Desmond | TrustRadius Reviewer
Suzanne Desmond
Cloud DevOps Engineer
Read full review
Qualys
Again, the usability of Qualys has been a pinpoint for this entire review. It was easily the worst thing about the product and because of this, I would not recommend Qualys to anybody in my field. This should be something that Qualys strives to improve if they wish to stay in business.
Verified User
Anonymous
Read full review
Support Rating
Synopsys
Support seems very responsive.
Verified User
Anonymous
Read full review
Qualys
They had a support page within the WAS to report any concerns or seek help. But the UI of that is not smooth. Regardless support staff were pretty responsive and helpful. They scheduled calls to understand and address our problems. Email support is good as well.
Verified User
Anonymous
Read full review
Alternatives Considered
Synopsys
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Qualys
As described before Qualys is used to scan periodically the environment in order to check if there are some packages (Linux) or Applications (Windows) outdated, generating reports to the Service Owners, fulfilling what's is expected from us, attending all our expectations regarding the tool. That's why we'd choose Qualys to our organization.
Verified User
Anonymous
Read full review
Return on Investment
Synopsys
  • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Qualys
  • Big time-saving tool vs. having to comb through several system reports which ultimately can still have you missing unapproved software.
  • Quick snapshot via the dashboard provided a nice summary of where you're assets meet or do not meet your organization's policy requirements.
Verified User
Anonymous
Read full review
ScreenShots

Black Duck Software Composition Analysis (SCA) Screenshots

Screenshot of Black Duck helps you find and fix your highest-priority vulnerabilitiesScreenshot of Use Black Duck to comply with open source license obligations and to verify compliance with all open source license termsScreenshot of Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilitiesScreenshot of Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your applicationScreenshot of The Black Duck security advisory gives the information you need to address security risks and make the fixScreenshot of Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase