Software Status: Active

About Black Duck

Black Duck by Synopsys is a software composition analysis platform that identifies open source dependencies, security risks, and license obligations. It scans codebases for direct and transitive dependencies, evaluates vulnerabilities, and enforces policy controls across the SDLC. SBOM management helps teams document software components, while integrations with IDEs, CI tools, and repositories keep scans aligned with developer workflows. Reporting highlights risk trends and compliance status. The platform is designed for organizations that need enterprise-grade open source security and license governance.

Key capabilities:

  • Dependency and SBOM analysis
  • Vulnerability and risk assessment
  • License compliance management
  • Policy enforcement across SDLC
  • IDE and CI integrations

Best for: Enterprises managing open source risk and compliance.

Black Duck Details

Vendor
Synopsys
Year Launched
2002
Location
675 Almanor Ave Sunnyvale, CA 94085
Deployment
Cloud, on-premise, Windows, Linux
Training Options
documentation, videos, live online, in person
Countries Served
All Countries
Languages
German, English, Finnish, French, Irish, Hindi, Japanese, Korean, Dutch, Norwegian, Swedish, Chinese (Simplified)
Users
Software Development Teams, Security and Compliance Teams, DevOps Teams
Industries Served
Technology, Finance, Healthcare, Government, Retail, Telecommunications, Automotive, Manufacturing
Tags
Application Performance Management, Computer Security, Synopsis, Black Duck

Black Duck's In-App Market Place

Does Black Duck have an in-app market place?

Yes

How many Mini-Apps in the marketplace?

1

Mini Apps

N/A

Pricing Options

Free trial
Free version
Request a quote
Promo Offer

Accepted Payment Currencies

USD ($)

Pros & Cons

Pros

  • Ease of Identifying and Managing Open Source Code: Black Duck excels at identifying and managing open source components, making it easier to examine source code for vulnerabilities, including hidden security issues.
  • Integration Capabilities: The platform integrates seamlessly with other services, such as ticketing systems, enhancing its functionality and making it easier to get additional information about identified vulnerabilities.
  • Positive User Experience: Users generally report a positive experience with Black Duck, appreciating its comprehensive features and reliability.
  • Support for Automated Build Processes: Engineers appreciate the tool’s support for automated build processes, which aligns with modern development practices and enhances efficiency.

Cons

  • Upgrade Challenges: Some users have experienced difficulties with upgrades, noting that the process can be cumbersome and akin to reinstalling the system from scratch.
  • Documentation Gaps: There are reports of missing information in the documentation, which can be a hurdle for IT departments requiring detailed guidance.
  • Lack of Comment and Change History: The platform does not maintain a history of comments or changes, making it challenging to track updates across different versions of a project or shared components.
  • False Alarms: Users have noted a significant number of false alarms, indicating that the database could benefit from updates to improve accuracy.
  • Complex Upgrade Process: Upgrading the system is described as a major undertaking, requiring substantial effort and time.

Black Duck's Support Options
