Black Duck Other Advice

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
This is a good solution. My advice to anybody interested in implementing it is to be clear in their mind whether they want to go on a user-based model, or they want to do a code-based model. It can get tricky if your development team is growing rapidly. Maybe you started off with five developers and then the next year you are growing to ten. Then, in another year, there are fourteen or twenty. As you grow, a user-based model may not work for you so you might consider going with the code-based model. However, if you are working on multiple projects then you may consider the user-based model, as long as your headcount is relatively stable. Overall, the deployment is straightforward, uploading code is straightforward, analysis is straightforward, but with integration it may be slightly lacking. I would rate this solution a nine out of ten.
Technology Leader/ Open Source Compliance and Risk expert at a comms service provider with 10,001+ employees
The setup is on-premises but the knowledge base is through the cloud. As mentioned, it's a hybrid solution. The main difference between Black Duck and other solutions is the way the software identifies the open source. If it's being used out of the box and there's no need for any changes or modification or integration, probably a software based on SHA-1 would be good enough. If the company's customizing its software based on a customer's requirements, changes will be needed. Software that works on a single match point probably will miss that. And that's the advantage of Black Duck. I would rate this product an eight out of 10.
Updated: February 2020.