Try our new research platform with insights from 80,000+ expert users

Black Duck pros and cons

Vendor: Black Duck

3.8 out of 5

21 reviews
84% willing to recommend

762 followers

Pros & Cons summary

Black Duck auto analyzes components to enhance security by highlighting impacts and integrates seamlessly with development tools for compliance. The vulnerability scanning feature is user-friendly but lacks integration with IntelliJ IDEA. Despite its extensive knowledge base, limitations include ineffective handling of large software and high pricing. Improved scanning speed, SBOM management, and better integration with tools like Coverity are needed for optimal performance in DevSecOps environments, especially with recent software releases.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Black Duck enhances intellectual property management by highlighting developer contributions and their impact.

The vulnerability scanning feature is highly valuable as it ensures up-to-date detection of vulnerabilities.

Comprehensive knowledge base and effective policy management make it a reliable choice for security risk management.

Seamless integration for scanning Docker binary files with immediate vulnerability updates is a key benefit.

Automated code scanning and integration with development tools improve software compliance and audit readiness.

CONS

Black Duck requires more integration with other solutions such as IntelliJ IDEA and Coverity for comprehensive software analysis.

The scanner's capability is limited by the size of the software it can handle and needs to improve its scanning speed, especially in the DevSecOps pipeline.

Black Duck's pricing is high, making it difficult to justify for less frequent code scanning needs and its complex configuration adds to the challenge.

A lack of on-premise components limits flexibility as organizations must upload code to the Black Duck cloud, raising security concerns.

It lacks SBOM management and exhibits inconsistencies in scanning results along with issues like false positives and container scanning challenges.

Black Duck Pros review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

It highlights what the developers have done, and it shows the impact from an intellectual property point of view.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

I like the fact that the product auto analyzes components.

Read full review

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

848,716 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

Policy management is a valuable feature.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The UI is the solution's most valuable feature since it allows for easy pipeline integration.

Read full review

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

The solution works well on Mac products.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The cloud option of the product is always available and a positive aspect of the solution.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

The stability is okay.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.

Read full review

Show 10 more reviews (out of 21)

Black Duck Cons review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

I would like to see more integration with other solutions, such as IntelliJ IDEA.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

The scanner client is limited by the size of software it can handle.

Read full review

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

848,716 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

The documentation is quite scattered.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The solution's pricing model and documentation areas of concern where improvement is needed.

Read full review

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

We're not too sure about the extension of the firewall. It never shows up in the Hub.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The tool's documentation and support are areas of concern where improvements are required.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

It needs to be more user-friendly for developers and in general, to ensure compliance.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.

Read full review

Show 10 more reviews (out of 21)

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

GitLab vs Black Duck

Snyk vs Black Duck

Veracode vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

JFrog Xray vs Black Duck

Semgrep vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Polaris Software Integrity Platform vs Black Duck

ReversingLabs vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

Apiiro vs Black Duck

Cycode vs Black Duck

Sonatype Repository Firewall vs Black Duck

See all alternatives

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

GitLab vs Black Duck

Snyk vs Black Duck

Veracode vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

JFrog Xray vs Black Duck

Semgrep vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Polaris Software Integrity Platform vs Black Duck

ReversingLabs vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

Apiiro vs Black Duck

Cycode vs Black Duck

Sonatype Repository Firewall vs Black Duck

See all alternatives

Related questions

436

How does WhiteSource compare with Black Duck?

68

What tools do you rely on for building a DevSecOps pipeline?

53

What alternatives are there for Fortify WebInspect and Fortify SCA?

54

What is the best way to track open-source license compatibility?

64

How long does SCA scanning take?

129

Why is Software Composition Analysis (SCA) important for companies?

114

Differences between Black Duck & Veracode

18

What SCA solution do you recommend?

13

Is there an SCA solution that finds and fixes vulnerabilities?

19

Can I get SCA in my IDE?