
Black Duck pros and cons

Vendor: Black Duck
3.8 out of 5
Ranked 1
785 followers

Pros & Cons summary


Prominent pros & cons

PROS

Black Duck auto analyzes components, highlighting developers' efforts from an intellectual property perspective.
It offers extensive vulnerability scanning which is easy for users to handle.
Black Duck seamlessly integrates to scan Docker binary files, presenting immediate updates on new vulnerabilities.
It provides comprehensive scans and evaluations of open-source software, enhancing security risk management.
Installation of Black Duck is notably straightforward, enhancing user experience with minimal setup effort.

CONS

Black Duck pricing is high compared to competitors, which can be a deterrent for companies that don't scan frequently.
Black Duck integration with IntelliJ IDEA and other development tools is limited, hampering workflow efficiency.
Customers express concern over Black Duck's cloud-only nature, desiring an on-premise option for enhanced security and flexibility.
Black Duck's scanning speed and results consistency can be improved, affecting DevSecOps integration and deployment.
Integration between Coverity and Black Duck Hub lacks seamlessness, and a unified offering would benefit companies that depend on both tools.
 

Black Duck Pros review quotes

TO
May 28, 2019
It highlights what the developers have done, and it shows the impact from an intellectual property point of view.
ZR
Jan 15, 2020
I like the fact that the product auto analyzes components.
reviewer1472997 - PeerSpot reviewer
Dec 15, 2020
The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base built over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Sagar Mody - PeerSpot reviewer
Apr 12, 2024
We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.
Alina-Eugenia Negulescu - PeerSpot reviewer
Aug 25, 2023
Policy management is a valuable feature.
Aaron P - PeerSpot reviewer
Sep 15, 2023
The UI is the solution's most valuable feature since it allows for easy pipeline integration.
reviewer1421445 - PeerSpot reviewer
Sep 27, 2020
The solution works well on Mac products.
reviewer1361340 - PeerSpot reviewer
Apr 19, 2024
The cloud option of the product is always available and a positive aspect of the solution.
reviewer1361340 - PeerSpot reviewer
Jun 7, 2020
The stability is okay.
JR
Aug 26, 2021
Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.
 

Black Duck Cons review quotes

TO
May 28, 2019
I would like to see more integration with other solutions, such as IntelliJ IDEA.
ZR
Jan 15, 2020
The scanner client is limited by the size of software it can handle.
reviewer1472997 - PeerSpot reviewer
Dec 15, 2020
It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.
Sagar Mody - PeerSpot reviewer
Apr 12, 2024
It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.
Alina-Eugenia Negulescu - PeerSpot reviewer
Aug 25, 2023
The documentation is quite scattered.
Aaron P - PeerSpot reviewer
Sep 15, 2023
The solution's pricing model and documentation are areas of concern where improvement is needed.
reviewer1421445 - PeerSpot reviewer
Sep 27, 2020
We're not too sure about the extension of the firewall. It never shows up in the Hub.
reviewer1361340 - PeerSpot reviewer
Apr 19, 2024
The tool's documentation and support are areas of concern where improvements are required.
reviewer1361340 - PeerSpot reviewer
Jun 7, 2020
It needs to be more user-friendly for developers and in general, to ensure compliance.
JR
Aug 26, 2021
We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.