
Black Duck vs Checkmarx Software Composition Analysis comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Nov 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

No sentiment score available
Black Duck offers responsive support, but users report delays and variability in satisfaction, especially during peak times and across time zones.
No sentiment score available
Checkmarx SCA provides 24/7 customer support with knowledgeable service and comprehensive documentation, though some note past service decline.
There are some pain points with the response time and first-level support quality.
 

Room For Improvement

Sentiment score: 4.0
Black Duck needs improved integration, scan speed, setup, user experience, documentation, pricing, reporting, APIs, project handling, and customer interaction.
Sentiment score: 4.4
Checkmarx Software Composition Analysis requires price, UI, performance improvements, faster updates, stronger API security, and better support for enhancements.
There are areas for improvement such as false positives and the scanning of containers.
 

Scalability Issues

Sentiment score: 7.8
Black Duck is scalable and integrates well with CI/CD, though costs and flexibility vary with organizational needs and user numbers.
Sentiment score: 8.7
Checkmarx Software Composition Analysis is praised for its scalability, effectively handling multiple projects with high user satisfaction and efficiency.
 

Setup Cost

No sentiment score available
Black Duck pricing varies by user count or code size, offering free integrations and training with costs from $10,000.
No sentiment score available
Checkmarx Software Composition Analysis is costly and complex but valued, prompting many enterprise users to expand its use.
 

Stability Issues

Sentiment score: 7.9
Users find Black Duck stable and reliable, with minor GUI delays and transition bugs, but no significant stability issues.
Sentiment score: 8.1
Checkmarx Software Composition Analysis is stable and reliable, though occasional performance issues occur with geographical cloud usage impacting scan times.
 

Valuable Features

Sentiment score: 7.9
Black Duck offers robust vulnerability scanning and seamless integration, ensuring efficient open-source compliance and security in DevOps environments.
Sentiment score: 8.2
Checkmarx SCA integrates with CI/CD pipelines to ensure security by identifying vulnerabilities and license issues with detailed analysis and guidance.
The software composition analysis is most effective for security risk management.
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA): 1st
Average Rating: 7.6
Reviews Sentiment: 7.2
Number of Reviews: 20
Ranking in other categories: None

Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA): 8th
Average Rating: 9.2
Reviews Sentiment: 7.5
Number of Reviews: 12
Ranking in other categories: None
 

Mindshare comparison

As of November 2024, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 23.0%, down from 23.3% compared to the previous year. The mindshare of Checkmarx Software Composition Analysis is 2.6%, down from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Saravanan_Radhakrishnan - PeerSpot reviewer
Enables applications to be secure, but it must provide more open APIs
The product enables other applications to be secure. We use it to onboard 400 to 500 applications into the DevOps platform, protect them, and have a secure environment. The tool integrates well with different technologies, application stacks, and databases. The APIs are available. We can read the blogs in the community for open-source compliance and security. The community feeds are important. Black Duck is a leader in Gartner. It is a reliable solution.
Sujata Sujata Ghadage - PeerSpot reviewer
Offers great security in the area of vulnerability detection
I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. 
The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.
816,660 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Manufacturing Company: 16%
Computer Software Company: 14%
Healthcare Company: 4%

Financial Services Firm: 36%
Manufacturing Company: 15%
Computer Software Company: 10%
Logistics Company: 4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
What do you like most about Checkmarx Software Composition Analysis?
The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all...
What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
We have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage.
What needs improvement with Checkmarx Software Composition Analysis?
Checkmarx Software Composition Analysis should improve dynamic analysis.
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
CxSCA
 

Overview

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
AXA, Liveperson, Aaron's, Playtech, Morningstar
Find out what your peers are saying about Black Duck vs. Checkmarx Software Composition Analysis and other solutions. Updated: October 2024.