Try our new research platform with insights from 80,000+ expert users

Black Duck vs Checkmarx Software Composition Analysis comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 5, 2024
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
Checkmarx Software Composit...
Ranking in Software Composition Analysis (SCA)
8th
Average Rating
9.2
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 23.0%, down from 23.3% compared to the previous year. The mindshare of Checkmarx Software Composition Analysis is 2.6%, down from 3.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Saravanan_Radhakrishnan - PeerSpot reviewer
Mar 5, 2024
Enables applications to be secure, but it must provide more open APIs
We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different…
Sujata Sujata Ghadage - PeerSpot reviewer
Mar 14, 2024
Offers great security in the area of vulnerability detection
I am more into the SAST side, which is related to Checkmarx Software Composition Analysis. Checkmarx recently introduced DAST and software composition analysis, but I am not aware much about it. Checkmarx Software Composition Analysis is a good tool with many rules, ensuring that the product offers vulnerability detection and provides good coverage. Though my company has not integrated Checkmarx Software Composition Analysis into SDLC, we do plan to do it in the future. The product helped our company deal with a major security breach when we had to deal with a lot of SQL-related issues stemming from some of the codes, which were written earlier not using a proper framework, owing to which there were many vulnerabilities in respect to LDAP, cross-site attacks and SQL injection. The product's most effective part for identifying vulnerabilities stems from the tool's SAST capabilities. The product's dashboard has improved our company's vulnerability management processes. The tool shows a proper dashboard and offers frequent remediation options and proper compliance status, which helps to know about the number of vulnerabilities and the dashboards. The accuracy of the product's vulnerability detection is 95 percent. At an organizational level, the product is hosted on the cloud. In my company, we use the product to scan reports. I don't see anything complex in the solution from the maintenance point of view. The product is deployed in a single location where multiple people use it. The product can be described as an access-based solution. For a particular project or depending on an assignment, access is given to certain people for a month or two. After the completion of a project or assignment, the product's access to a person is removed and given to another person who needs the solution for another project. I recommend the product to those who plan to use it. It is one of the best tools in the market. The product provides good coverage and ensures that the users experience a return on investment from its use in their environment. The tool is also helpful in dealing with vulnerabilities and false positives. I rate the overall tool a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product enables other applications to be secure."
"The solution is stable."
"I like the fact that the product auto analyzes components."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The installation is very easy."
"The cloud option of the product is always available and a positive aspect of the solution."
"The solution works well on Mac products."
"Policy management is a valuable feature."
"The product is stable and scalable."
"It is a stable solution...It is a scalable solution."
"Checkmarx unifies all the features in its service."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"What's most valuable in Checkmarx Software Composition Analysis is its ability to identify vulnerabilities in open-source components, especially if some critical issues exist."
"I appreciate the user-friendly interface. The GUI is excellent, providing detailed information on outdated versions, including version numbers and the flow of library calls. This allows me to plan and prioritize library changes based on potential vulnerabilities, even if the affected library is indirectly used in my project. The tool offers specific guidance on addressing these issues."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
 

Cons

"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"The tool's documentation and support are areas of concern where improvements are required."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The documentation is quite scattered."
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The solution must provide more open APIs."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"The product's pricing is higher compared to other competitor products."
"In terms of areas for improvement, what could be improved in Checkmarx Software Composition Analysis is pricing because customers always compare the pricing among secure DevOps solutions in the market. Checkmarx Software Composition Analysis has a lot of competitors yet its features aren't much different. Pricing is the first thing customers consider, and from a partner perspective, if you can offer affordable pricing to your customers, it's more likely you'll have a winning deal. The performance of Checkmarx Software Composition Analysis also needs improvement because sometimes, it's slow, and in particular, scanning could take several hours."
"API security is an area with shortcomings that needs improvement."
"Parts of the implementation process could improve by making it more user-friendly."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"I have received complaints from my customers that the pricing could be improved."
"Personally, I currently use it as a standalone tool without integrating it with other systems, and it meets my needs adequately. As a suggestion, I request on considering to add a "what if" feature to the application. Currently, when the tool identifies issues and suggests updates, if I want to explore different scenarios, I need to prepare another file, turn it into a ZIP, and run the analysis again. It would be more convenient if there was a "what if" option in the GUI. This feature could simulate a run, allowing me to quickly check the impact of changing one or more files or versions without the need for a full rerun."
"Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities."
"It can have better licensing models."
 

Pricing and Cost Advice

"It is expensive."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price is low. It's not an expensive solution."
"The pricing is a little high."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price charged by Black Duck is exorbitant."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"It is a little bit high priced. It would be better if it was a little less expensive."
"The license model is somewhat perplexing as it comprises multiple aspects that can be confusing for customers. The model is determined by the number of registered users and the number of projects being scanned, along with a third component that adds to the complexity."
"We don't have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage."
"Pricing for Checkmarx Software Composition Analysis needs to be competitive."
"My customers need to pay for the licensing part, and they need to opt for an annual subscription."
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Manufacturing Company
16%
Computer Software Company
14%
Healthcare Company
4%
Financial Services Firm
35%
Manufacturing Company
15%
Computer Software Company
11%
Logistics Company
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
What do you like most about Checkmarx Software Composition Analysis?
The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all...
What is your experience regarding pricing and costs for Checkmarx Software Composition Analysis?
We have a license. The usage is limited to one, two, three, five, or ten people. It is currently used for all projects, and there are plans to increase its usage.
What needs improvement with Checkmarx Software Composition Analysis?
Checkmarx Software Composition Analysis should improve dynamic analysis.
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
CxSCA
 

Overview

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
AXA, Liveperson, Aaron's, Playtech, Morningstar
Find out what your peers are saying about Black Duck vs. Checkmarx Software Composition Analysis and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.