Former SVP at a manufacturing company with 5,001-10,000 employees
Good security, but creates a lot of manual work and needs better scanning capabilities
Pros and Cons
- "The solution works well on Mac products."
- "We're not too sure about the extension of the firewall. It never shows up in the Hub."
What is our primary use case?
We're primarily using the solution for compliance. It's part of an audit process.
What is most valuable?
The solution has some pretty good features on offer.
It helps protect our information. It has good security.
The solution works well on Mac products.
What needs improvement?
The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There are also no timestamps. Everything needs to be reviewed. It takes double the time to identify things. Features just don't come up in the Hub.
We'd like to be able to authenticate through our two companies.
We're not too sure about the extension of the firewall. It never shows up in the Hub.
The Hub doesn't like that we have binary sides, so, once again, we need to check everything, meaning we get double the work.
The scanning aspect of the resolution needs to be improved. Right now, as it is, it's not okay.
It would be ideal if the solution offered features to add one or more components to a file.
For how long have I used the solution?
We've been using the solution for three years at this point. It's been a while.
Buyer's Guide
Black Duck
November 2024
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. We find it pretty reliable in that sense. It doesn't crash or freeze. It doesn't have bugs or glitches.
That said, if a company is moving from any other tool to the Hub, it's not a good idea to move the Hub itself as there are a few bugs in that scenario.
What do I think about the scalability of the solution?
I can't comment on the scalability. I've never personally tried to scale the solution.
Currently, we have 300-400 people using it in our organization.
How are customer service and support?
The technical support has been fine. They help us a lot and we actually find them to be quite helpful. They will alert us when items become available or when new features are coming. We may not know how long it will take, however, we will know they are on the way.
Which solution did I use previously and why did I switch?
We didn't previously work with a different solution. Black Duck has been our first technology for these types of tasks. As we are using it for an audit, I basically just learned the tool and started applying it to the process. I don't know how to use any other tool for this purpose.
However, the company is currently migrating from another Hub to Black Duck Hub.
How was the initial setup?
The initial setup is unique. We're actually migrating from our current Hub to Black Duck Hub. It has its own specific challenges.
What's my experience with pricing, setup cost, and licensing?
I'm not sure of what the exact pricing is for the solution. That's not something I handle. My company deals with those aspects of the solution.
What other advice do I have?
We're just a customer. We don't have a business relationship with Black Duck.
I'm not sure how the solution is deployed within our organization (whether it's cloud or on-premises).
We've had to migrate our current Hub to Black Duck Hub, which is not efficient for the identification process. We do projects. Due to our identification process, it's not as accurate as we'd like.
Overall, I'd rate the solution six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Project Manager at TRIVIUM ESOLUTIONS PRIVATE LIMITED
A stable and scalable solution but priced higher than competitors
Pros and Cons
- "The solution is stable."
- "The product's pricing is higher compared to other competitor products."
What needs improvement?
The product's pricing is higher compared to other competitor products.
For how long have I used the solution?
I have been using the product for a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The tool is scalable.
What other advice do I have?
I would rate the product a nine out of ten. We mostly have enterprise customers for the solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Product Engineer at Harman International Industries, Incorporated
Stable, with good vulnerability scanning, and it's priced well
Pros and Cons
- "The most valuable feature is the vulnerability scanning, and that it's easy to use."
- "The initial setup could be simplified. It was somewhat complex."
What is our primary use case?
We are using this solution for software analysis and vulnerability scanning.
What is most valuable?
The most valuable feature is the vulnerability scanning, and that it's easy to use.
What needs improvement?
The initial setup could be simplified. It was somewhat complex.
In the next release, I would like to see packet analysis and binary analysis included as features.
For how long have I used the solution?
We have been using Black Duck for approximately four years.
What do I think about the stability of the solution?
We have not had any issues with stability.
It's a stable solution.
What do I think about the scalability of the solution?
The number of users on the project depends on the license and the project.
How are customer service and technical support?
I am from the DevOps team and have not had any contact with technical support. It's not an area that I am a part of.
If I have any issues, I escalate them to our team and they reach out to technical support.
Which solution did I use previously and why did I switch?
Previously, we did not use any other solution.
How was the initial setup?
The initial setup is complex.
We had some issues finding the report.
The length of deployment is different; it varies depending on the requirements.
What about the implementation team?
The implementation was done by someone in our company.
The maintenance is done through the vendor.
What's my experience with pricing, setup cost, and licensing?
The price is low. It's not an expensive solution.
What other advice do I have?
This is a product that I would recommend to others.
I would rate Black Duck an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.