Item: Black Duck Software Composition Analysis (SCA)
Rating: 10
Author: Rajiv Aradhyula

Use Cases and Deployment Scope

Black Duck provides our complete organization an easy way to manage our open source components used in our code repositories. It promisingly keeps track of the security vulnerabilities or license management, where I do not have to worry where to check for the vulnerabilities and open source components license issues which can be devastating. And with Black Duck, I now stay on top in managing my open source code. Black Duck orchestrates and allows us the visibility and control we need to manage and control open source components.

Pros and Cons

Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.

Governance: I am expecting better governance of teams. I have various teams using the capacity. And I am quite unsure or have to spend more time in figuring out which team is using how much.
Tenancy: Black Duck can come up with something called tenancy. Like team A, a separate hyperlink for them. A kind of a zone where the admins or users have complete view of team A.

Return on Investment

Increased time to market
Dwells well with devops
Significantly negates the speck of a chance of security risks in a software release
Orchestrates the policies

Alternatives Considered

Vega

Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has.

Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.

Other Software Used

VMware ESXi, VMware NSX, VMware Service Manager, VMware Business Continuity & Disaster Recovery, Cisco Unified Computing System Manager, Cisco UCS B-Series, Cisco UCS C-Series, EMC Clariion CX4 Series, Dell EMC Unity, EMC Documentum, Data Domain, JIRA Software, Jenkins, Atlassian Confluence, Bitbucket, Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service, AWS Elastic Beanstalk, AWS Lambda, Microsoft Azure, Microsoft Access, Azure SQL Database, Azure API Management

Likelihood to Recommend

Well Suited:
1. Easily come out of pain to manage open source components. No worries, Black Duck is to the rescue, it takes care of your open source components in terms of license and security
2. SecOps eased with the super Black Duck

Less Suited:
I can't really come up with a scenario, where it can be less suited. Until you stop using open source components in your code. Which is quite impossible.

Support Rating

I have a very strong reason for the very best rating. Usually, Black Duck support is quick enough and they continuously keep me updated about the status if some issue is taking time for them to resolve. Overall, I am happy with the response I get from t customer care.

I was planning an upgrade and I ran into an issue as the migrated Postgres database does not get identified by the new version of the hub. And all the projects, scans and the huge amount of work we put in comments under version are all lost. I immediately opened a case in the Black Duck customer portal. And in no time, I get a message back from the support for a quick WebEx session. And support was able to help me and my weekend was saved. Thank you for the quick support Black Duck. Appreciate it. I also have some questions on using Black Duck in an optimal way. I get helpful replies quick enough.

Black Duck Software Composition Analysis (SCA) Customer Support Pros and Cons

Pros	Cons
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response	None

SecOps made easy!!!

Overall Satisfaction with Black Duck Suite