Project Manager at a manufacturing company with 11-50 employees
Real User
Apr 19, 2024
I use Black Duck's compliance management capabilities, and they are very helpful. I integrate Black Duck into my CI/CD pipeline and use it to create compliance tools. This helps me block code from other developers if it doesn't comply with my standards. Integrating Black Duck into my IT environment was straightforward. Overall, I would rate Black Duck as a nine out of ten. I would recommend it to others.
I will recommend the product to others. It has in-built use cases for different verticals of the industry. Overall, I rate the tool a seven out of ten.
Engineer at a manufacturing company with 10,001+ employees
Real User
Aug 6, 2021
We are a customer and an end-user. We are using Black Duck Hub. I'd rate the solution at an eight out of ten. We're mostly quite happy with the capabilities. Black Duck is a good, but not an inexpensive, tool. If others want stability or a well-respected tool, I would recommend it.
CTO at a computer software company with 11-50 employees
Real User
Dec 15, 2020
I would advise others to be careful with the provisioning of the space that you need. Black Duck has been the key player in the market for many years. It is totally in conjunction with Coverity and forms a suite of security and quality. It is frequently used in M&A, or mergers and acquisitions, cases. It is the top product in the market. I would rate Black Duck a nine out of ten.
Former SVP at a manufacturing company with 5,001-10,000 employees
Real User
Sep 27, 2020
We're just a customer. We don't have a business relationship with Black Duck. I'm not sure how the solution is deployed within our organization (whether it's cloud or on-premises). We've had to migrate our current Hub to Black Duck Hub, which is not efficient for the identification process. We do projects. Due to our identification process, it's not as accurate as we'd like. Overall, I'd rate the solution six out of ten.
As we are using an older version, and have not yet completed a PoC with the most recent one, I am not sure whether there are newer features that we need or will use. Things that we would like to see may have already been implemented. I would rate this solution a six out of ten.
The setup is on-premises but the knowledge base is through the cloud. As mentioned, it's a hybrid solution. The main difference between Black Duck and other solutions is the way the software identifies the open source. If it's being used out of the box and there's no need for any changes or modification or integration, probably a software based on SHA-1 would be good enough. If the company's customizing its software based on a customer's requirements, changes will be needed. Software that works on a single match point probably will miss that. And that's the advantage of Black Duck. I would rate this product an eight out of 10.
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
Reseller
May 28, 2019
This is a good solution. My advice to anybody interested in implementing it is to be clear in their mind whether they want to go on a user-based model, or they want to do a code-based model. It can get tricky if your development team is growing rapidly. Maybe you started off with five developers and then the next year you are growing to ten. Then, in another year, there are fourteen or twenty. As you grow, a user-based model may not work for you, so you might consider going with the code-based model. However, if you are working on multiple projects then you may consider the user-based model, as long as your headcount is relatively stable. Overall, the deployment is straightforward, uploading code is straightforward, analysis is straightforward, but with integration it may be slightly lacking. I would rate this solution a nine out of ten.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis,...
Overall, I would rate the solution an eight out of ten.
I recommend Black Duck to those who plan to use it. I rate the overall product a seven out of ten.
I rate the product an eight out of ten.
I would rate the product a nine out of ten. We mostly have enterprise customers for the solution.
The solution is the most popular open software scanning tool. I rate the solution an eight out of ten.
I rate Black Duck a nine out of ten.
I would rate it a seven out of ten.
I would rate Black Duck an eight out of ten.
This is a product that I would recommend to others. I would rate Black Duck an eight out of ten.