Black Duck Review

Stable, but the process is very manual and the price should be reduced

What is our primary use case?

We use Black Duck to examine our source code for compliance issues.

What needs improvement?

The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With everything in one folder, it starts to scan. As we are using Code Center, we need to ensure that all of the components are there. However, there are thousands of components and for each submission, the components have to be there. There are no bulk submissions or bulk transfers. Essentially, you need to write your own scripts with the APIs to do it more efficiently.

It needs to be more user-friendly for developers and in general, to ensure compliance. The scanning should be quick and easy to use, rather than complex.

The pricing for this solution should definitely be lower.

For how long have I used the solution?

We have been using Black Duck for between five and six years.

What do I think about the stability of the solution?

The stability is okay. We need to keep cleaning up and archiving, which is the standard care by an administrator.

What do I think about the scalability of the solution?

The number of people we have using Black Duck at any time is on a project-by-project basis. We probably have around 500 users, although they do not use it on a continuous basis. The usage is based on the number of requests. For some projects, it will be used just one time, and that's it.

How are customer service and technical support?

We have just started to contact technical support, so it is too early to evaluate them.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to Black Duck.

How was the initial setup?

The initial setup is complex. It is installed and configured on a Linux-based system, and the on-premises database needs to be updated.

Upgrading our version of Black Duck to the most recent is a tedious process. It is very step-by-step and very manual.

What's my experience with pricing, setup cost, and licensing?

The price is quite high because the behavior of the software during the scan is similar to competing products.

Which other solutions did I evaluate?

We are currently evaluating whether we should continue to work with Black Duck, upgrading to the most recent version, or change to another solution. We are looking at several tools that also include WhiteSource and Checkmarx Composition Software Analysis. Ideally, we want to find a solution that suits our everyday needs.

One thing that we have found is that the price of Black Duck is quite high, compared to other products.

What other advice do I have?

As we are using an older version, and have not yet completed a PoC with the most recent one, I am not sure whether there are newer features that we need or will use. Things that we would like to see may have already been implemented.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.