Compare Black Duck vs. FOSSA

Find out what your peers are saying about Black Duck vs. FOSSA and other solutions. Updated: November 2020.
448,542 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"I like the fact that the product auto analyzes components."
"The stability is okay."
"The solution works well on Mac products."

More Black Duck Pros »

"I found FOSSA's out-of-the-box policy engine to be accurate and that it was tuned appropriately to the settings that we were looking for. The policy engine is pretty straightforward... I find it to be very straightforward to make small modifications to, but it's very rare that we have to make modifications to it. It's easy to use. It's a four-category system that handles most cases pretty well."
"The most valuable feature is definitely the ease and speed of integrating into build pipelines, like a Jenkins pipeline or something along those lines. The ease of a new development team coming on board and integrating FOSSA with a new project, or even an existing project, can be done so quickly that it's invaluable and it's easy to ask the developers to use a tool like this. Those developers greatly value the very quick feedback they get on any licensing or security vulnerability issues."
"FOSSA provided us with contextualized, easily actionable intelligence that alerted us to compliance issues. I could tell FOSSA exactly what I cared about and they would tell me when something was out of policy. I don't want to hear from the compliance tool unless I have an issue that I need to deal with. That was what was great about FOSSA is that it was basically "Here's my policy and only send me an alert if there's something without a policy." I thought that it was really good at doing that."
"The support team has just been amazing, and it helps us to have a great support team from FOSSA. They are there to triage and answer all our questions which come up by using their product."
"The most valuable feature is its ability to identify all of the components in a build, and then surface the licenses that are associated with it, allowing us to make a decision as to whether or not we allow a team to use the components. That eliminates the risk that comes with running consumer software that contains open source components."
"What I really need from FOSSA, and it does a really good job of this, is to flag me when there are particular open source licenses that cause me or our legal department concern. It points out where a particular issue is, where it comes from, and the chain that brought it in, which is the most important part to me."
"Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices."

More FOSSA Pros »
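The FOSSA reviewers above describe two behaviours worth seeing in code: a policy engine that stays quiet unless a component's license falls outside policy, and a report that shows the dependency chain that pulled a flagged component into the build. The block below is an added illustration written for this page; it is not FOSSA's or Black Duck's code and makes no claim about how either product is implemented. The dependency graph, the package names, the SPDX-style license identifiers and the four policy categories (allow, review, deny, unknown) are all constructed for the example.

```python
"""Illustrative SCA-style license policy check (added example, not vendor code).

Given a dependency graph and a license policy, walk every component reachable
from the application, classify each license, and report only the components
that are not on the allow list, together with every dependency chain that
brought them in. A CI job can then gate the build on the result.
"""
from collections import deque

# Constructed sample graph: component -> (license, [direct dependencies]).
SAMPLE_GRAPH = {
    "app":             ("Proprietary",    ["web-framework", "crypto-lib"]),
    "web-framework":   ("MIT",            ["template-engine", "json-parser"]),
    "template-engine": ("BSD-3-Clause",   []),
    "json-parser":     ("GPL-3.0-only",   []),
    "crypto-lib":      ("Apache-2.0",     ["bignum", "mystery-lib"]),
    "bignum":          ("LGPL-2.1-only",  []),
    "mystery-lib":     ("UNKNOWN",        []),
}

# Hypothetical four-category policy. Anything not listed is "unknown", which is
# treated as a failure: an unidentified license is a finding, not a pass.
POLICY = {
    "allow":  {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC"},
    "review": {"LGPL-2.1-only", "LGPL-3.0-only", "MPL-2.0"},
    "deny":   {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"},
}


def classify(license_id, policy=POLICY):
    """Map a license identifier to one of allow / review / deny / unknown."""
    for category in ("allow", "review", "deny"):
        if license_id in policy[category]:
            return category
    return "unknown"


def reachable_from(graph, root):
    """Breadth-first walk; returns every component reachable from root."""
    seen = {root}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, ("", []))[1]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def find_chains(graph, root, target):
    """Return every acyclic path root -> ... -> target, as lists of names."""
    chains = []

    def walk(node, path, visited):
        if node == target:
            chains.append(path)
            return
        for dep in graph.get(node, ("", []))[1]:
            if dep not in visited:  # guard against dependency cycles
                walk(dep, path + [dep], visited | {dep})

    walk(root, [root], {root})
    return chains


def evaluate(graph, root, policy=POLICY):
    """Return findings for every reachable component whose license is not allowed.

    Components on the allow list produce no output at all, matching the
    "only alert me when something is out of policy" behaviour described above.
    """
    findings = []
    for name in sorted(reachable_from(graph, root)):
        if name == root:  # first-party code is not subject to the policy
            continue
        license_id = graph[name][0]
        category = classify(license_id, policy)
        if category == "allow":
            continue
        findings.append({
            "component": name,
            "license": license_id,
            "category": category,
            "chains": [" -> ".join(c) for c in find_chains(graph, root, name)],
        })
    return findings


def gate(findings):
    """CI exit status: 1 if any finding is deny or unknown, else 0 (review only warns)."""
    return 1 if any(f["category"] in ("deny", "unknown") for f in findings) else 0


if __name__ == "__main__":
    results = evaluate(SAMPLE_GRAPH, "app")
    for f in results:
        print(f"[{f['category'].upper()}] {f['component']} ({f['license']})")
        for chain in f["chains"]:
            print(f"    via {chain}")
    raise SystemExit(gate(results))
```

Run stand-alone, the script lists bignum (review), json-parser (deny) and mystery-lib (unknown), each with the chain from app that introduced it, and exits non-zero so a pipeline step fails; the MIT, BSD and Apache components produce no output. Treating an unrecognised license as a failure rather than silently passing it is the choice a practitioner would want in a build gate.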

Cons
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The scanner client is limited by the size of software it can handle."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."

More Black Duck Cons »

"Security scanning is an area for improvement. At this point, our experience is that we're only scanning for license information in components, and we're not scanning for security vulnerability information. We don't have access to that data. We use other tools for that. It would be an improvement for us to use one tool instead of two, so that we just have to go through one process instead of two."
"We have seen some inaccuracies or incompleteness with the distribution acknowledgments for an application, so there's certainly some room for improvement there. Another big feature that's missing that should be introduced is snippet matching, meaning, not just matching an entire component, but matching a snippet of code that had been for another project and put in different files that one of our developers may have created."
"I wish there was a way that you could have a more global rollout of it, instead of having to do it in each repository individually. It's possible, that's something that is offered now, or maybe if you were using the CI Jenkins, you'd be able to do that. But with Travis, there wasn't an easy way to do that. At least not that I could find. That was probably the biggest issue."
"I would like more customized categories because our company is so big. This is doable for them. They are still in the stages of trying to figure this out since we are one of their biggest companies that they support."
"The solution provides contextualized, actionable, intelligence that alerts us to compliance issues, but there is still a little bit of work to be done on it. One of the issues that I have raised with FOSSA is that when it identifies an issue that is an error, why is it in error? What detail can they give to me? They've improved, but that still needs some work. They could provide more information that helps me to identify the dependencies and then figure out where they originated from."
"I would like the FOSSA API to be broader. I would like not to have to interact with the GUI at all, to do the work that I want to do. I would like them to do API-first development, rather than a focus on the GUI."
"On the legal and policy sides, there is some room for improvement. I know that our legal team has raised complaints about having to approve the same dependency multiple times, as opposed to having them it across the entire organization."

More FOSSA Cons »

Pricing and Cost Advice
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price is quite high because the behavior of the software during the scan is similar to competing products."

More Black Duck Pricing and Cost Advice »

"FOSSA is not cheap."

More FOSSA Pricing and Cost Advice »

Questions from the Community
Top Answer: I like the fact that the product auto analyzes components.
Top Answer: There are some features that cost extra but we don't use them because I'm not sure there's added value. The product is not cheap. There are several methods of payment - by product, by scale, or by… more »
Top Answer: In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is… more »
Ranking
                          Black Duck   FOSSA
Views                     12,944       1,387
Comparisons               9,266        1,044
Reviews                   3            7
Average Words per Review  863          2,414
Avg. Rating               6.7          8.6
Also Known As
Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Vendor
Black Duck: Synopsys
FOSSA: FOSSA
Overview

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.
Sample Customers
Black Duck: Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
FOSSA: AppDynamic, Uber, Twitter, Zendesk, Confluent
Top Industries
VISITORS READING REVIEWS
Computer Software Company 43%
Comms Service Provider 14%
Manufacturing Company 9%
Financial Services Firm 6%
REVIEWERS
Computer Software Company 43%
Legal Firm 14%
Comms Service Provider 14%
Financial Services Firm 14%
VISITORS READING REVIEWS
Computer Software Company 43%
Comms Service Provider 10%
Manufacturing Company 10%
Financial Services Firm 6%
Company Size
No Data Available
REVIEWERS
Small Business 29%
Midsize Enterprise 14%
Large Enterprise 57%

Black Duck is ranked 4th in Software Composition Analysis (SCA) with 4 reviews while FOSSA is ranked 6th in Software Composition Analysis (SCA) with 7 reviews. Black Duck is rated 6.6, while FOSSA is rated 8.6. The top reviewer of Black Duck writes "Useful for determining the health of applications that contain open source components". On the other hand, the top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". Black Duck is most compared with WhiteSource, Snyk, Sonatype Nexus Lifecycle, JFrog Xray and FlexNet Code Insight, whereas FOSSA is most compared with WhiteSource, Snyk, Sonatype Nexus Lifecycle, JFrog Xray and Veracode Software Composition Analysis. See our Black Duck vs. FOSSA report.


We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.