TrustRadius
Black Duck Software Composition Analysis (SCA)

Overview

What is Black Duck Software Composition Analysis (SCA)?

Black Duck is a software composition analysis tool that was acquired by Synopsys in 2017 and is now supported by Synopsys.


Product Details

What is Black Duck Software Composition Analysis (SCA)?

Black Duck® by Synopsys software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.

Black Duck gives users visibility into third-party code, enabling them to control it across the software supply chain and throughout the application life cycle.

Black Duck Software Composition Analysis (SCA) Features

  • Supported: Find and fix security vulnerabilities at each stage in the SDLC, with detailed, vulnerability-specific remediation guidance and technical insight.
  • Supported: Address the risk of open source license noncompliance and safeguard your intellectual property by using the industry’s largest open source knowledge base to identify the license obligations imposed by the open source in your applications (including partial snippets of code copied into applications).
  • Supported: Avoid development cost overruns and combat code decay with operational risk metrics associated with poor open source code quality.
  • Supported: Scan virtually any software, firmware, source code, and binary files to generate a comprehensive bill of materials (BOM).
  • Supported: Automatically monitor for new vulnerabilities that affect your BOM, with custom policies and workflow triggers to accelerate remediation and reduce your risk exposure.

Black Duck Software Composition Analysis (SCA) Screenshots

  • Black Duck helps you find and fix your highest-priority vulnerabilities
  • Use Black Duck to comply with open source license obligations and to verify compliance with all open source license terms
  • Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilities
  • Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your application
  • The Black Duck security advisory gives the information you need to address security risks and make the fix
  • Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase
  • Configure and customize to your company's specific security and license policies
  • Black Duck integrates with other tools to find and scan your codebase

Black Duck Software Composition Analysis (SCA) Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux, Mac
Mobile Application: No

Reviews and Ratings

(12)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Black Duck is a software tool that proves to be invaluable for businesses in various industries. According to user experiences, the product offers a wide range of use cases, ensuring timely and accurate code analysis through its dedicated support team. This means that any problems encountered can be resolved promptly, minimizing downtime and improving overall efficiency.

One of the major use cases of Black Duck is auditing source code to protect against license and open source compliance issues. The software has proven itself by quickly comparing identified inventory to its extensive knowledge base, highlighting any vulnerabilities and license concerns within the code. What sets Black Duck apart is its ability to efficiently identify vulnerabilities even in small-sized code from random sources.

Over time, Black Duck has been instrumental in reducing rework for businesses by detecting vulnerabilities before leveraging open source code. It seamlessly integrates into the CI/CD pipeline, allowing for the detection of vulnerabilities and efficient creation of Jira issues. As a result, it aids in keeping systems secure and compliant while saving valuable time and resources.

Black Duck's utility extends beyond security concerns. It assists in managing software licenses and ensures that open source components are being used responsibly. By generating an inventory of open source components, it mitigates legal risks and safeguards intellectual property.

In addition to code security audits and quality analysis, Black Duck also aids in encryption audits, saving both time and money for organizations. It facilitates open source usage governance by monitoring legal, security, and operational risks associated with open source components.

Overall, Black Duck provides users with a sense of security by ensuring enterprise products are free from unauthorized code. Its comprehensive functionalities make it an indispensable tool for businesses seeking to manage their software effectively while maintaining compliance with licensing requirements and minimizing security risks.

Impressive Compliance Features: Users have been impressed with the wide range of features offered by Black Duck for ensuring legal and security compliance with third-party software. They have mentioned that it efficiently analyzes code in a timely and accurate manner, helping to identify any potential issues.

User-Friendly Interface: Reviewers have praised the intuitive and easy-to-navigate user interface of Black Duck, stating that it enhances their ability to effectively navigate and utilize the software. This streamlined interface makes it easier for users to find the information they need quickly.

Thorough Analysis Capabilities: Users appreciate the comprehensive analysis capabilities provided by Black Duck, as it excels at identifying various vulnerabilities, bugs, and licensing issues associated with open-source code. The software's extensive knowledge base helps ensure a thorough examination of all components, providing users with confidence in its findings.

Slow and Outdated Performance: Several users have mentioned that the software is slow, outdated in design, and does not meet their expectations. They feel that the user experience is bad due to the sluggish performance of Black Duck Hub.

Expensive Cost: Many users find the cost of the software relatively higher compared to other solutions in the market. This makes it a difficult choice for organizations, especially considering the software's perceived shortcomings.

Inadequate Reporting Functionality: Users express dissatisfaction with the reporting capabilities of Black Duck Hub. They mention that there are no comprehensive reports or a nice user interface. The software expects users to manually analyze raw information and create their own reports without providing any recommendations or insights from third-party vendors.

Users commonly recommend the following when it comes to Black Duck:

  • Try Black Duck, starting from a trial version, because it is well-developed and suited for managing open source components in terms of license and security.
  • Thoroughly test the trial version of Black Duck to ensure it meets your needs.
  • Be clear on how well Black Duck operates in your environment, as some users are unsure if issues were caused by Black Duck or a combination with their specific environment.
