Solutions Architect at a tech services company with 10,001+ employees
Real User
Top 5
Apr 12, 2024
We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.
We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time.
The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files. It provides us with all open vulnerabilities, and it ensures that the reference point from where it finds the vulnerability is up to date. For example, if any new vulnerability is found, it is immediately available in Black Duck. There is no delay in finding the vulnerabilities; they are called out in our code immediately.
CTO at a computer software company with 11-50 employees
Real User
Dec 15, 2020
The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base built over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis,...
The cloud option of the product is always available and a positive aspect of the solution.
The most valuable feature for me in Black Duck is its ability to scan binary files effectively.
The product enables other applications to be secure.
The UI is the solution's most valuable feature since it allows for easy pipeline integration.
The solution is stable.
The solution is very good at scanning and evaluating open source software.
It is able to drill down to the source level.
Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.
The installation is very easy.
The most valuable feature is the vulnerability scanning, and that it's easy to use.
The solution works well on Mac products.
The stability is okay.
I like the fact that the product auto analyzes components.
It highlights what the developers have done, and it shows the impact from an intellectual property point of view.