We performed a comparison between Black Duck, FlexNet Code Insight, and Mend.io based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."Policy management is a valuable feature."
"The installation is very easy."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The solution is very good at scanning and evaluating open source software."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"The vulnerability analysis is the best aspect of the solution."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"The solution must provide more open APIs."
"The solution's pricing model and documentation areas of concern where improvement is needed."
"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."
"The product's pricing is higher compared to other competitor products."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"I found the user interface cumbersome and difficult to use."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"The dashboard UI and UX are problematic."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"The only thing that I don't find support for on Mend Prioritize is C++."
"Make the product available in a very stable way for other web browsers."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
Earn 20 points
