Solutions Architect at a tech services company with 10,001+ employees
Real User
Top 5
2024-04-12T10:40:45Z
Apr 12, 2024
For scanning purposes, we use Synopsys Black Duck. Primarily, we use it to ensure all our projects go through Black Duck scans. We do this sometimes via source code analysis and sometimes via binary analysis/Docker analysis. It figures out third-party components, any security vulnerabilities, and more. Our primary focus is security – it also flags operational vulnerabilities, like outdated software versions or lack of active maintainers, but we generally don't give those as much weight. We use Black Duck for open-source compliance in our software projects.
We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different entities have access to the product. They run it by themselves and come to us with their findings. Our security team helps them take action.
DevOps Engineer at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
2023-09-15T03:20:31Z
Sep 15, 2023
As a DevOps engineer, I am supposed to integrate Black Duck in my CI/CD integration and deployment pipeline. The product teams in my company do a vulnerability scan of our products before we make them available in the market. From the product team's perspective, they check the vulnerability according to the scanning process done from pipelines. My company has a YAML script with which we add the stage, and from there, it gets integrated.
We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment. I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.
CTO at a computer software company with 11-50 employees
Real User
2020-12-15T15:36:41Z
Dec 15, 2020
We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license. Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.
I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
Reseller
2019-05-28T07:49:00Z
May 28, 2019
We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.
Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.
Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis,...
I use Black Duck to detect vulnerabilities in open-source software before integrating it into my project.
For scanning purposes, we use Synopsys Black Duck. Primarily, we use it to ensure all our projects go through Black Duck scans. We do this sometimes via source code analysis and sometimes via binary analysis/Docker analysis. It figures out third-party components, any security vulnerabilities, and more. Our primary focus is security – it also flags operational vulnerabilities, like outdated software versions or lack of active maintainers, but we generally don't give those as much weight. We use Black Duck for open-source compliance in our software projects.
We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different entities have access to the product. They run it by themselves and come to us with their findings. Our security team helps them take action.
As a DevOps engineer, I am supposed to integrate Black Duck in my CI/CD integration and deployment pipeline. The product teams in my company do a vulnerability scan of our products before we make them available in the market. From the product team's perspective, they check the vulnerability according to the scanning process done from pipelines. My company has a YAML script with which we add the stage, and from there, it gets integrated.
We use the solution to scan Java code.
Our company uses the solution to check open source software that is embedded in our products.
We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment. I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.
I am not working with Black Duck. I manage a team that works with Black Duck.
We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license. Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.
We are using this solution for software analysis and vulnerability scanning.
We're primarily using the solution for compliance. It's part of an audit process.
We use Black Duck to examine our source code for compliance issues.
I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.
We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.