TrustRadius

Black Duck Software Composition Analysis (SCA) vs. Tenable Nessus

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Black Duck Software Composition Analysis (SCA)
Score 9.9 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.N/A
Tenable Nessus
Score 8.7 out of 10
N/A
Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.
$2,790
Pricing
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Editions & Modules
No answers on this topic
1 Year
$2,790.00
1 Year + Advanced Support
$3,190.00
2 Years
$5,440.00
2 Years + Advanced Support
$6,240.00
3 Years
$7,951.00
3 Years + Advanced Support
$9,151.00
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
YesNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Features
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Black Duck Software Composition Analysis (SCA)
-
Ratings
Tenable Nessus
6.2
4 Ratings
26% below category average
Network Analytics00 Ratings1.12 Ratings
Threat Recognition00 Ratings7.04 Ratings
Vulnerability Classification00 Ratings9.53 Ratings
Automated Alerts and Reporting00 Ratings10.03 Ratings
Threat Analysis00 Ratings5.53 Ratings
Threat Intelligence Reporting00 Ratings5.03 Ratings
Automated Threat Identification00 Ratings5.53 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Black Duck Software Composition Analysis (SCA)
-
Ratings
Tenable Nessus
7.5
4 Ratings
10% below category average
IT Asset Realization00 Ratings7.03 Ratings
Authentication00 Ratings7.53 Ratings
Configuration Monitoring00 Ratings8.04 Ratings
Web Scanning00 Ratings5.53 Ratings
Vulnerability Intelligence00 Ratings9.34 Ratings
Best Alternatives
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Small Businesses

No answers on this topic

Action1
Action1
Score 9.4 out of 10
Medium-sized Companies
Veracode
Veracode
Score 9.2 out of 10
Action1
Action1
Score 9.4 out of 10
Enterprises
Veracode
Veracode
Score 9.2 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Likelihood to Recommend
10.0
(5 ratings)
9.0
(9 ratings)
Likelihood to Renew
-
(0 ratings)
9.1
(1 ratings)
Usability
8.0
(1 ratings)
8.0
(5 ratings)
Support Rating
8.2
(2 ratings)
7.1
(4 ratings)
User Testimonials
Black Duck Software Composition Analysis (SCA)Tenable Nessus
Likelihood to Recommend
Synopsys
If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Verified User
Anonymous
Read full review
Tenable
It is an excellent tool for scanning servers, workstations, and network devices to identify missing patches and misconfiguration; we regularly use it to confirm patch effectiveness after the update; it also helps us for preparing audits such as iso 27001, and regulatory requirements, it also helps us to identify open ports and services that violate security.
AG
Akhilesh Ghosh
VAPT-Teamlead
Read full review
Pros
Synopsys
  • Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
  • Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
  • Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Tenable
  • Nessus is best at performing vulnerability scans, in fact, it gives findings and moreover accurate findings of the assessments. It does not do penetration testing or exploit the vulnerabilities because it is concerned about scanning the systems/applications.
  • In fact, Nessus has multiple profiles/policies to perform different types of scans such as, scans oriented for PCI-DSS, malware scans, web application scans, bad shell shock detection scan to name a few.
  • Nessus has the ability to classify the vulnerabilities into risk-based categories from critical to even informational which I think is one of the things that separates Nessus from other vulnerability scanners.
Tejas Gandhi | TrustRadius Reviewer
Tejas Gandhi
Associate Security Consultant
Read full review
Cons
Synopsys
  • License model based on usage is costly.
  • Documentation is extensive, but often confusing.
  • Black Duck Hub could use some feature improvements for more robust governance capabilities
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Tenable
  • The tool has lots of options for setting up before scanning any device, this methodology could be simplified further with default configuration for various devices predefined, anyhow we can use this technique by making use of policies.
  • For advanced users we cannot disable the plugins inside the plugin groups, we can enable the whole set of plugins at a time, for few hundreds its ok, but thousands of plugins are of waste of resource and time.
SZ
Sohail Zende
Network Security Consultant
Read full review
Likelihood to Renew
Synopsys
No answers on this topic
Tenable
Nessus is best and easy to use application for Vulnerabilities finding and reporting, it has multiple platforms and wide scope covering almost all devices for security improvement so far, thus we are very likely to continue its services.
SZ
Sohail Zende
Network Security Consultant
Read full review
Usability
Synopsys
If you don’t know how to scan for the language, it isn’t entirely user friendly
Suzanne Desmond | TrustRadius Reviewer
Suzanne Desmond
Cloud DevOps Engineer
Read full review
Tenable
Tenable Nessus is a great product and provides a lot of value, but it is difficult to set up and use and the amount of data it generates can be overwhelming. It does help us prioritize based on the severity of the detection, however there are sometimes mitigating factors that we have implemented that Nessus does not account for, which causes lots of noise in the reports.
Verified User
Anonymous
Read full review
Support Rating
Synopsys
Support seems very responsive.
Verified User
Anonymous
Read full review
Tenable
I haven't needed to contact support yet. But issues are easily solved with a quick internet search which means support and by extension, the larger community are involved and knowledgeable.
Verified User
Anonymous
Read full review
Alternatives Considered
Synopsys
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Tenable
Sometimes when we identify a vulnerability with Nessus that has an exploit, we made a proof of concept with Metasploit in order to show to the IT managers the importance of the software/hardware hardening.
Omar Israel Sánchez Monroy | TrustRadius Reviewer
Omar Israel Sánchez Monroy
Auditor de Seguridad de la Información
Read full review
Return on Investment
Synopsys
  • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Tenable
  • Nessus certainly has a positive impact while me while performing my job, either as security research, or performing vulnerability assessments for clients. It gives a lot of information about the system/application after performing scans. The number of false positives is also less compared to other vulnerability scanners.
  • The professional edition is very useful as policy templates available in this edition are very handy and useful even to perform compliance scan like PCI DSS scan.
  • Also, the ability to export the scan results into reports in formats like HTML, PDF is very useful which could be for performing system/application reviews.
Tejas Gandhi | TrustRadius Reviewer
Tejas Gandhi
Associate Security Consultant
Read full review
ScreenShots

Black Duck Software Composition Analysis (SCA) Screenshots

Screenshot of Black Duck helps you find and fix your highest-priority vulnerabilitiesScreenshot of Use Black Duck to comply with open source license obligations and to verify compliance with all open source license termsScreenshot of Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilitiesScreenshot of Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your applicationScreenshot of The Black Duck security advisory gives the information you need to address security risks and make the fixScreenshot of Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase