Try our new research platform with insights from 80,000+ expert users

Apiiro vs Black Duck comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Apiiro
Ranking in Software Composition Analysis (SCA)
10th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
Static Application Security Testing (SAST) (21st), API Security (9th), Software Supply Chain Security (8th), Risk-Based Vulnerability Management (12th), Application Security Posture Management (ASPM) (2nd)
Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
20
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Software Composition Analysis (SCA) category, the mindshare of Apiiro is 1.8%, up from 1.3% compared to the previous year. The mindshare of Black Duck is 19.7%, down from 22.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Ryan-Murphy - PeerSpot reviewer
A great secrets detection feature, good visibility, and integrates well
The biggest benefit of Apiiro for us was the visibility it gave us into our GitHub organization, which we didn't have much of before. The benefit of adding Apiiro early is that it would be integrated into our pipeline from the start. Since we have had some of our software products for many years, we would have to do a lot of cleaning up before integrating Apiiro into our developer workflow. Integrating Apiiro early allows us to stay ahead of the curve on security issues and address them as they arise, rather than having a huge backlog for developers to fix. Apiiro's ability to provide visibility into the risk of our application components is great. This was a selling feature for us. Apiiro was a less mature product a little over a year ago when they were still early on in their development. However, they have made fantastic advancements over the last year, which has given us much more visibility into that sort of thing. Apiiro has helped prevent business-critical risks by making recommendations based on what it thinks is a high or critical issue. I think it does a pretty good job at that, but those recommendations still need a manual review from us. In general, if Apiiro flags a critical issue, it is usually pretty close to identifying whether it is business-critical or not. It is something we should review, even if we end up downgrading it. Apiiro raises valid concerns, and I am happy that it does.
Saravanan_Radhakrishnan - PeerSpot reviewer
Enables applications to be secure, but it must provide more open APIs
The product enables other applications to be secure. We use it to onboard 400 to 500 applications into the DevOps platform, protect them, and have a secure environment. The tool integrates well with different technologies, application stacks, and databases. The APIs are available. We can read the blogs in the community for open-source compliance and security. The community feeds are important. Black Duck is a leader in Gartner. It is a reliable solution.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The workflow automation is likely the best aspect of the solution."
"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"The solution is stable."
"The UI is the solution's most valuable feature since it allows for easy pipeline integration."
"Policy management is a valuable feature."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The solution is very good at scanning and evaluating open source software."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
 

Cons

"User management is a little bit clunky."
"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"The solution's pricing model and documentation areas of concern where improvement is needed."
"The initial setup could be simplified. It was somewhat complex."
"Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."
"The scanner client is limited by the size of software it can handle."
"The tool's documentation and support are areas of concern where improvements are required."
"The documentation is quite scattered."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The solution must provide more open APIs."
 

Pricing and Cost Advice

Information not available
"The price charged by Black Duck is exorbitant."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"It is expensive."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"The price is low. It's not an expensive solution."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The pricing is a little high."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
21%
Financial Services Firm
11%
Comms Service Provider
8%
Manufacturing Company
8%
Financial Services Firm
20%
Manufacturing Company
16%
Computer Software Company
14%
Healthcare Company
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Apiiro?
Apiiro's secrets detection feature has saved us several times, which we appreciate greatly.
What is your experience regarding pricing and costs for Apiiro?
My understanding is the pricing is pretty competitive.
What needs improvement with Apiiro?
Apiiro recently integrated SaaS, and we would love to see them expand on that. They provide many integrations to different products, including SaaS products such as Snyk. Ideally, Apiiro would incl...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
 

Comparisons

 

Also Known As

Apiiro Control Plane (ASOC), Apiiro API Security (SAST), Apiiro Open Source (SCA)
Blackduck Hub, Black Duck Protex, Black Duck Security Checker
 

Overview

 

Sample Customers

Morgan Stanley, Rakuten, Jack Henry, SoFi, Colgate, Navan
Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
Find out what your peers are saying about Apiiro vs. Black Duck and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.