Try our new research platform with insights from 80,000+ expert users

Apiiro vs Black Duck comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Apiiro
Ranking in Software Composition Analysis (SCA)
10th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
Static Application Security Testing (SAST) (21st), API Security (9th), Software Supply Chain Security (8th), Risk-Based Vulnerability Management (12th), Application Security Posture Management (ASPM) (2nd)
Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Software Composition Analysis (SCA) category, the mindshare of Apiiro is 1.8%, up from 1.3% compared to the previous year. The mindshare of Black Duck is 19.7%, down from 22.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Ryan-Murphy - PeerSpot reviewer
A great secrets detection feature, good visibility, and integrates well
The biggest benefit of Apiiro for us was the visibility it gave us into our GitHub organization, which we didn't have much of before. The benefit of adding Apiiro early is that it would be integrated into our pipeline from the start. Since we have had some of our software products for many years, we would have to do a lot of cleaning up before integrating Apiiro into our developer workflow. Integrating Apiiro early allows us to stay ahead of the curve on security issues and address them as they arise, rather than having a huge backlog for developers to fix. Apiiro's ability to provide visibility into the risk of our application components is great. This was a selling feature for us. Apiiro was a less mature product a little over a year ago when they were still early on in their development. However, they have made fantastic advancements over the last year, which has given us much more visibility into that sort of thing. Apiiro has helped prevent business-critical risks by making recommendations based on what it thinks is a high or critical issue. I think it does a pretty good job at that, but those recommendations still need a manual review from us. In general, if Apiiro flags a critical issue, it is usually pretty close to identifying whether it is business-critical or not. It is something we should review, even if we end up downgrading it. Apiiro raises valid concerns, and I am happy that it does.
Saravanan_Radhakrishnan - PeerSpot reviewer
Enables applications to be secure, but it must provide more open APIs
The product enables other applications to be secure. We use it to onboard 400 to 500 applications into the DevOps platform, protect them, and have a secure environment. The tool integrates well with different technologies, application stacks, and databases. The APIs are available. We can read the blogs in the community for open-source compliance and security. The community feeds are important. Black Duck is a leader in Gartner. It is a reliable solution.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The workflow automation is likely the best aspect of the solution."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The software composition analysis is most effective for security risk management."
"The installation is very easy."
"We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."
"The cloud option of the product is always available and a positive aspect of the solution."
"The UI is the solution's most valuable feature since it allows for easy pipeline integration."
"The automated code scanning feature and Black Duck's integration with our development tools have enhanced our software compliance process and overall audit readiness."
"The product enables other applications to be secure."
 

Cons

"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The product's pricing is higher compared to other competitor products."
"The scanner client is limited by the size of software it can handle."
"Black Duck does not have the SBOM management part. I would like to see this feature added in the future."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
 

Pricing and Cost Advice

Information not available
"The price is low. It's not an expensive solution."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"It is expensive."
"The price charged by Black Duck is exorbitant."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"The pricing is a little high."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
12%
Comms Service Provider
8%
Manufacturing Company
8%
Financial Services Firm
20%
Manufacturing Company
16%
Computer Software Company
14%
Insurance Company
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Apiiro?
Apiiro's secrets detection feature has saved us several times, which we appreciate greatly.
What is your experience regarding pricing and costs for Apiiro?
My understanding is the pricing is pretty competitive.
What needs improvement with Apiiro?
Apiiro recently integrated SaaS, and we would love to see them expand on that. They provide many integrations to different products, including SaaS products such as Snyk. Ideally, Apiiro would incl...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
 

Comparisons

 

Also Known As

Apiiro Control Plane (ASOC), Apiiro API Security (SAST), Apiiro Open Source (SCA)
Blackduck Hub, Black Duck Protex, Black Duck Security Checker
 

Overview

 

Sample Customers

Morgan Stanley, Rakuten, Jack Henry, SoFi, Colgate, Navan
Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
Find out what your peers are saying about Apiiro vs. Black Duck and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.