Black Duck Room for Improvement

TundeOgunkoya
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
I would like to see more integration with other solutions, such as IntelliJ IDEA. View full review »
Zvika-Ronen
Chief Technology Officer (CTO) at FOSSAWARE
In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is separated into sub-scans. If you want the status on a certain scan, you can't get it automatically and it can sometimes take a couple of hours. If you want to attach the scan into a CI process and then get an actual result it cannot provide an accurate status. We are running a Proscan developed in-house and this manipulates the result. It doesn't change the result but it adds some attributes to it. For instance, it gets an alter source and it gives you a link for the domain where you can read more about it. Or if the GUI suggests the conversion, and provides an excel report, you do not really need to go to the GUI, it can be accessed by email after the scan. These attributes and manipulations are done by the API developed in-house for the GUI. For additional features, I'd like to be able to see SQL on demand, side by side. I'd like to be able to change a room with managed components inside the project, and still have it affect other projects. There is currently no internal database for manual changes which would be a good addition. Also, it would be helpful to include isolation of parts from the doctor image, for instance. View full review »
Costas-Voliotis
Co-Founder CTO/CPO at Source Code Inspection
It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports. View full review »
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,249 professionals have used our research since 2012.
reviewer1421445
Former SVP at a manufacturing company with 5,001-10,000 employees
The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There's also no time stamps. Everything needs to be reviewed. It takes double the time to identify things. Features just don't come up in the Hub. We'd like to be able to authenticate through our two companies. We're not too sure about the extension of the firewall. It never shows up in the Hub. The Hub doesn't like that we have binary sides, so, once again, we need to check everything, meaning we get double the work. The scanning aspect of the resolution needs to be improved. Right now, as it is, it's not okay. It would be ideal if the solution offered features to add one or more components to a file. View full review »
reviewer1361340
Project Lead at a manufacturing company with 10,001+ employees
The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With everything in one folder, it starts to scan. As we are using Code Center, we need to ensure that all of the components are there. However, there are thousands of components and for each submission, the components have to be there. There are no bulk submissions or bulk transfers. Essentially, you need to write your own scripts with the APIs to do it more efficiently. It needs to be more user-friendly for developers and in general, to ensure compliance. The scanning should be quick and easy to use, rather than complex. The pricing for this solution should definitely be lower. View full review »
RaviShankar
Lead Product Enginner at Harman International Industries, Incorporated
The initial setup could be simplified. It was somewhat complex. In the next release, I would like to see packet analysis and binary analysis included as features. View full review »
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,249 professionals have used our research since 2012.