I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
Reseller
2019-05-28T07:49:00Z
May 28, 2019
We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis,...
I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.
We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.