Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.
Black Duck's most valuable feature is its ability to scan and evaluate open source software, ensuring license compliance and detecting vulnerabilities in Docker binary files. It integrates seamlessly and updates vulnerabilities in real time, making it a trusted and well-recognized tool in the industry. Users are happy with its extensive scan reserves and easy installation.
Black Duck needs improvement in terms of pricing, usability, accuracy of results, and scanning time. Users expect more features and customization options in the UI, instead of relying on APIs and scripts. Some users have also experienced issues with the latest releases. The cost is considered too high for those who only use it a few times a year.
Black Duck is considered an expensive solution. Pricing is not readily available to all teams and is set through contract negotiations. The solution does not offer a monthly subscription, which some users would prefer.
Black Duck is used by companies to check open source software in their products, mainly for the DevSecOps pipeline. It is deployed into Kubernetes environments for microservices-based applications. It is utilized by clients across different sectors, such as banking, retail, and energy.
According to the reviews, Black Duck has good technical support with quick response times. However, some reviewers feel that their support may not be as strong on the technical side.
Setting up Black Duck is generally considered to be a straightforward process that can take a few hours to complete. While some users may have had the setup done for them, others have found it manageable with minimal difficulty. However, it should be noted that maintenance may require additional resources.
Black Duck is easily scalable, with various departments able to manage change orders and add users with minimal difficulty. The tool is rated an eight out of ten for its scalability. Because it is cloud-based, the solution also scales easily for organizations with hundreds of users. However, some organizations have a smaller number of users, with only a handful of people in one team using the tool. Additionally, not every member of an organization may use the tool; in some cases developers are the primary users.
Users have consistently reported that the stability of the Black Duck solution is excellent. They have not experienced any bugs, glitches, crashes or freezing while using it, making it a reliable option.
Black Duck was previously known as Blackduck Hub, Black Duck Protex, and Black Duck Security Checker.
Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf