Try our new research platform with insights from 80,000+ expert users

Black Duck pros and cons

Vendor: Black Duck

3.9 out of 5

19 reviews
82% willing to recommend

782 followers

Pros & Cons summary

Black Duck auto-analyzes components, is easy to install, and performs well on Mac. It offers extensive scan reserves, valuable vulnerability scanning with immediate updates, and a robust knowledge base. It effectively evaluates open source software, including binary files, but is limited by software size. Initial setup is complex, and its cloud-only nature lacks on-prem options. Pricing is higher than others, and documentation is scattered.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Black Duck automatically analyzes components and is especially effective at vulnerability scanning.

The software is compatible with Mac products and offers an easy installation process.

Black Duck has a comprehensive and extensive database that supports robust management and policy management features.

Integration capabilities allow Black Duck to seamlessly scan Docker binary files, ensuring immediate updates on vulnerabilities.

Black Duck provides tools for scanning and evaluating open-source software, enabling better security in other applications.

CONS

The scanner client is limited by the size of software it can handle.

The initial setup could be simplified and is somewhat complex.

It is a cloud-only solution and lacks an on-prem component for code scanning.

Black Duck requires more native integration with Coverity for unified reports.

Pricing is high compared to competitors and can be costly for infrequent use.

Black Duck Pros review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

It highlights what the developers have done, and it shows the impact from an intellectual property point of view.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

I like the fact that the product auto analyzes components.

Read full review

CV

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

814,649 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

Policy management is a valuable feature.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The UI is the solution's most valuable feature since it allows for easy pipeline integration.

Read full review

SK

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

The solution works well on Mac products.

Read full review

SK

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The cloud option of the product is always available and a positive aspect of the solution.

Read full review

SK

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

The stability is okay.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.

Read full review

Show 9 more reviews (out of 19)

Black Duck Cons review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

I would like to see more integration with other solutions, such as IntelliJ IDEA.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

The scanner client is limited by the size of software it can handle.

Read full review

CV

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

814,649 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

The documentation is quite scattered.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The solution's pricing model and documentation areas of concern where improvement is needed.

Read full review

SK

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

We're not too sure about the extension of the firewall. It never shows up in the Hub.

Read full review

SK

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The tool's documentation and support are areas of concern where improvements are required.

Read full review

SK

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

It needs to be more user-friendly for developers and in general, to ensure compliance.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.

Read full review

Show 9 more reviews (out of 19)

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

Veracode vs Black Duck

GitLab vs Black Duck

Snyk vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

Fortify Static Code Analyzer vs Black Duck

JFrog Xray vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

ReversingLabs vs Black Duck

Polaris Software Integrity Platform vs Black Duck

Semgrep vs Black Duck

Sonatype Repository Firewall vs Black Duck

Apiiro vs Black Duck

See all alternatives

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

Veracode vs Black Duck

GitLab vs Black Duck

Snyk vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

Fortify Static Code Analyzer vs Black Duck

JFrog Xray vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

ReversingLabs vs Black Duck

Polaris Software Integrity Platform vs Black Duck

Semgrep vs Black Duck

Sonatype Repository Firewall vs Black Duck

Apiiro vs Black Duck

See all alternatives

Related questions

753

How does WhiteSource compare with Black Duck?

195

What tools do you rely on for building a DevSecOps pipeline?

113

What alternatives are there for Fortify WebInspect and Fortify SCA?

77

What is the best way to track open-source license compatibility?

210

Differences between Black Duck & Veracode

32

What SCA solution do you recommend?

9

Is there an SCA solution that finds and fixes vulnerabilities?

16

Can I get SCA in my IDE?

48

How long does SCA scanning take?

14

Why is Software Composition Analysis (SCA) important for companies?