Compare Black Duck vs. Veracode Software Composition Analysis

Find out what your peers are saying about Black Duck vs. Veracode Software Composition Analysis and other solutions. Updated: November 2020.
446,626 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

Black Duck:
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"I like the fact that the product auto analyzes components."
"The stability is okay."
"The solution works well on Mac products."

Veracode Software Composition Analysis:
"The most valuable feature is the efficiency of the tool in finding vulnerabilities."
"The solution is stable. We've never had any issues surrounding its stability."
"This is a great tool for learning about potential vulnerabilities in code."
"The article scanning is excellent."
"The most valuable feature is the dynamic application security testing."

Cons

Black Duck:
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The scanner client is limited by the size of software it can handle."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."

Veracode Software Composition Analysis:
"A high number of false positives are reported and this should be reduced."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"There were some additional manual steps or work involved that we should not have needed to do."
"The documentation is poor and the technical support isn't helpful."
"In the future, I would like to see the RASP capability built-in."

Pricing and Cost Advice

Black Duck:
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price is quite high because the behavior of the software during the scan is similar to competing products."

Veracode Software Composition Analysis:
"Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support."

Questions from the Community
Top Answer: I like the fact that the product auto analyzes components.
Top Answer: There are some features that cost extra but we don't use them because I'm not sure there's added value. The product is not cheap. There are several methods of payment - by product, by scale, or by…
Top Answer: In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is…
Top Answer: I have no idea what the licensing costs on the solution are. Our IT team handles the details.
Top Answer: The licensing model could be improved. If they can provide an automatic upload model, that would be really good. Right now we have to upload the NK bucket hosting to get through the analysis. That is…
Ranking
Black Duck: Views 12,500; Comparisons 9,000; Reviews 3; Average Words per Review 863; Avg. Rating 6.7
Veracode Software Composition Analysis: Views 2,615; Comparisons 2,219; Reviews 5; Average Words per Review 559; Avg. Rating 7.4
Popular Comparisons
Compared 31% of the time.
Compared 17% of the time.
Compared 14% of the time.
Compared 6% of the time.
Also Known As
Black Duck: Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Veracode Software Composition Analysis: Veracode SCA, SourceClear
Learn
Synopsys
Veracode
Overview

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance.

Sample Customers
Black Duck: Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
Veracode Software Composition Analysis: Blue Prism, Advantasure, Automation Anywhere, Cox Automotive
Top Industries
Black Duck, visitors reading reviews: Computer Software Company 43%; Comms Service Provider 13%; Manufacturing Company 9%; Financial Services Firm 5%
Veracode Software Composition Analysis, visitors reading reviews: Computer Software Company 44%; Comms Service Provider 10%; Manufacturing Company 6%; Retailer 5%
Company Size
Black Duck: No Data Available
Veracode Software Composition Analysis, reviewers: Small Business 43%; Midsize Enterprise 29%; Large Enterprise 29%
Black Duck is ranked 4th in Software Composition Analysis (SCA) with 4 reviews while Veracode Software Composition Analysis is ranked 7th in Software Composition Analysis (SCA) with 5 reviews. Black Duck is rated 6.6, while Veracode Software Composition Analysis is rated 7.4. The top reviewer of Black Duck writes "Useful for determining the health of applications that contain open source components". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Enables us to identify potential problems in applications and fix them before they are used in ways they should not be but has false positives". Black Duck is most compared with WhiteSource, Snyk, Sonatype Nexus Lifecycle, JFrog Xray and FOSSA, whereas Veracode Software Composition Analysis is most compared with JFrog Xray, Snyk, WhiteSource, Sonatype Nexus Lifecycle and FOSSA.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.