Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
N/A
Pricing
Black Duck Software Composition Analysis (SCA)
Editions & Modules
No answers on this topic
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)
Free Trial
No
Free/Freemium Version
No
Premium Consulting/Integration Services
Yes
Entry-level Setup Fee
Optional
Additional Details
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
Chose Black Duck Software Composition Analysis (SCA)
Black Duck had similar capabilities to other vendors in the industry but where they come out on top is their extensive catalog of known open source in their knowledge base.
Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.