Black Duck Review

Black Duck is an open source management software used by Web developers and legal and security teams to discover, track and manage vulnerabilities and license compliance. It uses unique multi-factor detection technology to ensure security in code, binaries and content and allows the user to set open source security and use its policies.
Black Duck automatically scans vulnerabilities and produces a comprehensive database bill to track identified risks. With the solution, your organization will benefit from using the Black Duck Knowledge Base, which contains over 4.5 million open source projects and 2,750 licenses, providing the most comprehensive security coverage in the industry.

BLACK DUCK – TUTORIAL

BLACK DUCK – FEATURES

• IDE integrations: these plug-ins automatically scan open source components as you pull them into your code, allowing you to look up component security information and take remediation steps even before you check in your code.
• Package managers and build tools: with the solution you can augment open source discovery and binary file scanning with dependency information obtained from the build environment itself. Automates the collection and reporting of project dependencies, combining data from both sources into a highly complete and accurate open source bill of materials (BoM).
• Bug and issue tracking integrations: bug and issue tracking integrations allow you to generate, track, and manage issues (a.k.a. tickets) related to policy violations and security alerts natively in the systems you already use to manage your development and testing work.
• Binary repositories: binary repository integrations help you ensure that the code artifacts your developers are using comply with open source use policies and are free from known vulnerabilities. These plugins scan artifacts already in the repository as well as those being added, preventing noncompliant artifacts from entering or propagating.
• Application security suites: give users a “single pane of glass” view of application vulnerabilities across both the custom code and open source components that make up their applications. This integrated view of open source vulnerabilities with static application security testing (SAST) results helps teams prioritize and track remediation efforts across the entire application codebase.
• Programming interface: in addition to the pre-built integrations, you can also develop your own custom integrations using a rich set of REST APIs, which support a wide range of configuration, automation, policy management, and alerting capabilities. Application security suites: offer users a “one-panel” view of application vulnerabilities in both custom code and the open source components that make up their applications. This integrated view of open source vulnerabilities with static application security test results helps teams prioritize and track remediation efforts across the entire application code base.