Try our new research platform with insights from 80,000+ expert users

Black Duck pros and cons

Vendor: Black Duck

3.8 out of 5

20 reviews
83% willing to recommend

792 followers

Pros & Cons summary

Black Duck auto analyzes components and offers extensive scanning capabilities for robust security risk management. It integrates seamlessly into environments to scan Docker and open-source software while identifying license issues and consolidating component use. However, it lacks integration with IntelliJ IDEA, the scanner can be slow, prices are high, documentation is scattered, and as a cloud-only solution, code must be uploaded, potentially inconvenient for those preferring on-prem options.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Black Duck auto analyzes components, highlighting developers' efforts from an intellectual property perspective.

It offers extensive vulnerability scanning which is easy for users to handle.

Black Duck seamlessly integrates to scan Docker binary files, presenting immediate updates on new vulnerabilities.

It provides comprehensive scans and evaluations of open-source software, enhancing security risk management.

Installation of Black Duck is notably straightforward, enhancing user experience with minimal setup effort.

CONS

Black Duck pricing is high compared to competitors, which can be a deterrent for companies that don't scan frequently.

Black Duck integration with IntelliJ IDEA and other development tools is limited, hampering workflow efficiency.

Customers express concern over Black Duck's cloud-only nature, desiring an on-premise option for enhanced security and flexibility.

Black Duck's scanning speed and results consistency can be improved, affecting DevSecOps integration and deployment.

Integration between Coverity and Black Duck Hub lacks seamlessness, and a unified offering would benefit companies that depend on both tools.

Black Duck Pros review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

It highlights what the developers have done, and it shows the impact from an intellectual property point of view.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

I like the fact that the product auto analyzes components.

Read full review

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

845,040 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

Policy management is a valuable feature.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The UI is the solution's most valuable feature since it allows for easy pipeline integration.

Read full review

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

The solution works well on Mac products.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The cloud option of the product is always available and a positive aspect of the solution.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

The stability is okay.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.

Read full review

Show 10 more reviews (out of 20)

Black Duck Cons review quotes

TO

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

May 28, 2019

I would like to see more integration with other solutions, such as IntelliJ IDEA.

Read full review

ZR

Chief Technology Officer (CTO) at FOSSAWARE

Jan 15, 2020

The scanner client is limited by the size of software it can handle.

Read full review

reviewer1472997

CTO at a computer software company with 11-50 employees

Dec 15, 2020

It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.

Read full review

Free Report: Black Duck Reviews and More

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

845,040 professionals have used our research since 2012.

Solutions Architect at a tech services company with 10,001+ employees

Apr 12, 2024

It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.

Read full review

Alina-Eugenia Negulescu

Group IT Vendor Management Director at Twoday

Aug 25, 2023

The documentation is quite scattered.

Read full review

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

Sep 15, 2023

The solution's pricing model and documentation areas of concern where improvement is needed.

Read full review

reviewer1421445

Former SVP at a manufacturing company with 5,001-10,000 employees

Sep 27, 2020

We're not too sure about the extension of the firewall. It never shows up in the Hub.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Apr 19, 2024

The tool's documentation and support are areas of concern where improvements are required.

Read full review

reviewer1361340

Project Lead at ABB Enterprise Software Group

Jun 7, 2020

It needs to be more user-friendly for developers and in general, to ensure compliance.

Read full review

JR

Jyotiprasad RATH

Head: Open Source Program Office at a financial services firm with 10,001+ employees

Aug 26, 2021

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck.

Read full review

Show 10 more reviews (out of 20)

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

GitLab vs Black Duck

Snyk vs Black Duck

Veracode vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

JFrog Xray vs Black Duck

Semgrep vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Polaris Software Integrity Platform vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

ReversingLabs vs Black Duck

Apiiro vs Black Duck

Cycode vs Black Duck

Sonatype Repository Firewall vs Black Duck

See all alternatives

Product Categories

Product Categories

Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons

GitLab vs Black Duck

Snyk vs Black Duck

Veracode vs Black Duck

Mend.io vs Black Duck

Sonatype Lifecycle vs Black Duck

JFrog Xray vs Black Duck

Semgrep vs Black Duck

FOSSA vs Black Duck

CAST Highlight vs Black Duck

Polaris Software Integrity Platform vs Black Duck

Checkmarx Software Composition Analysis vs Black Duck

ReversingLabs vs Black Duck

Apiiro vs Black Duck

Cycode vs Black Duck

Sonatype Repository Firewall vs Black Duck

See all alternatives

Related questions

477

How does WhiteSource compare with Black Duck?

76

What tools do you rely on for building a DevSecOps pipeline?

64

What alternatives are there for Fortify WebInspect and Fortify SCA?

61

What is the best way to track open-source license compatibility?

62

How long does SCA scanning take?

108

Why is Software Composition Analysis (SCA) important for companies?

132

Differences between Black Duck & Veracode

19

What SCA solution do you recommend?

12

Is there an SCA solution that finds and fixes vulnerabilities?

16

Can I get SCA in my IDE?