Black Duck Reviews

Black Duck is the #4 ranked solution among our top Software Composition Analysis (SCA) tools. It's rated 3.3 out of 5 stars and is most commonly compared to WhiteSource.

TundeOgunkoya
Reseller
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
May 30 2019

How has it helped my organization?

This solution helps our customers to understand what really lies in their application. In terms of the open source components, it can show the dependencies that other components are relying on, which you don't see. For example, if your application is packaged with other stuff, it would help to pull…

What needs improvement?

I would like to see more integration with other solutions, such as IntelliJ IDEA.

What's my experience with pricing, setup cost, and licensing?

The pricing works either by the number of users or by code size. In the case of code size, they give you unlimited users. For example, if you have two thousand developers but you want a code size of 20GB, then that is what you get. If, however, you have forty developers and a lot of projects then…

What other advice do I have?

This is a good solution. My advice to anybody interested in implementing it is to be clear in their mind whether they want to go on a user-based model, or they want to do a code-based model. It can get tricky if your development team is growing rapidly. Maybe you started off with five developers…
Zvika-Ronen
Real User
Technology Leader/ Open Source Compliance and Risk expert at a comms service provider with 10,001+ employees
Jan 19 2020

What is most valuable?

I like the fact that the product auto analyzes components. In comparison to Protecode where you're given a suggestion and you have to manually choose the correct one, Black Duck analyzes automatically. However, there is a degree of error, possibly around 5%.

What needs improvement?

In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is separated into sub-scans. If you want the status on a certain scan, you can't get it automatically and…

What's my experience with pricing, setup cost, and licensing?

There are some features that cost extra but we don't use them because I'm not sure there's added value. The product is not cheap. There are several methods of payment - by product, by scale, or by code-based size. I suggest those buying Black Duck know their code size in relation to the code size…

What other advice do I have?

The setup is on-premises but the knowledge base is through the cloud. As mentioned, it's a hybrid solution. The main difference between Black Duck and other solutions is the way the software identifies the open source. If it's being used out of the box and there's no need for any changes or…
Real User
Former SVP at a manufacturing company with 5,001-10,000 employees
Sep 27 2020

What is most valuable?

The solution has some pretty good features on offer. It helps protect our information. It has good security. The solution works well on Mac products.

What needs improvement?

The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There's also no time…

What's my experience with pricing, setup cost, and licensing?

I'm not sure of what the exact pricing is for the solution. That's not something I handle. My company deals with those aspects of the solution.

Which solution did I use previously and why did I switch?

We didn't previously work with a different solution. Black Duck has been our first technology for these types of tasks. As we are using it for an audit, I basically just learned the tool and started applying it to the process. I don't know…

What other advice do I have?

We're just a customer. We don't have a business relationship with Black Duck. I'm not sure how the solution is deployed within our organization (whether it's cloud or on-premises). We've had to migrate our current Hub to Black Duck Hub…
Real User
Project Lead at a manufacturing company with 10,001+ employees
Jun 09 2020

What needs improvement?

The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With…

What's my experience with pricing, setup cost, and licensing?

The price is quite high because the behavior of the software during the scan is similar to competing products.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to Black Duck.

What other advice do I have?

As we are using an older version, and have not yet completed a PoC with the most recent one, I am not sure whether there are newer features that we need or will use. Things that we would like to see may have already been implemented. I…

Which other solutions did I evaluate?

We are currently evaluating whether we should continue to work with Black Duck, upgrading to the most recent version, or change to another solution. We are looking at several tools that also include WhiteSource and Checkmarx Composition…

What is Black Duck?

Black Duck Hub is the leading platform for automated license compliance and open source security. Black Duck Hub helps security and development teams identify and mitigate open source-related risks across their application portfolio, while incorporating the functionality of Protex license compliance.

Also known as
Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Black Duck customers

Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf