Compare Black Duck vs. Veracode Software Composition Analysis
 |
Quotes From Members
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros | |
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view." "I like the fact that the product auto analyzes components." "The stability is okay." "The solution works well on Mac products." | "The most valuable feature is the efficiency of the tool in finding vulnerabilities." "The solution is stable. we've never had any issues surrounding its stability." "This is a great tool for learning about potential vulnerabilities in code." "The article scanning is excellent." "The most valuable feature is the dynamic application security testing." |
Cons | |
"I would like to see more integration with other solutions, such as IntelliJ IDEA." "The scanner client is limited by the size of software it can handle." "It needs to be more user-friendly for developers and in general, to ensure compliance." "We're not too sure about the extension of the firewall. It never shows up in the Hub." | "A high number of false positives are reported and this should be reduced." "The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified." "There were some additional manual steps or work involved that we should not have needed to do." "The documentation is poor and the technical support isn't helpful." "In the future, I would like to see the RASP capability built-in." |
Pricing and Cost Advice | |
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD." "The price is quite high because the behavior of the software during the scan is similar to competing products." | "Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support." More Veracode Software Composition Analysis Pricing and Cost Advice » |
 Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs. 446,626 professionals have used our research since 2012. | |
Questions from the Community | |
Top Answer: I like the fact that the product auto analyzes components. Top Answer: There are some features that cost extra but we don't use them because I'm not sure there's added value. The product is not cheap. There are several methods of payment - by product, by scale, or by… more » Top Answer: In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is… more » | Top Answer: The article scanning is excellent. Top Answer: I have no idea what the licensing costs on the solution are. Our IT team handles the details. Top Answer: The licensing model could be improved. If they can provide an automatic upload model, that would be really good. Right now we have to upload the NK bucket hosting to get through the analysis. That is… more » |
Ranking  | |
Views 12,500 Comparisons 9,000 Reviews 3 Average Words per Review 863 Avg. Rating 6.7 | Views 2,615 Comparisons 2,219 Reviews 5 Average Words per Review 559 Avg. Rating 7.4 |
Popular Comparisons | |
 Compared 31% of the time.  Compared 17% of the time.  Compared 15% of the time.  Compared 14% of the time.  Compared 6% of the time. | Compared 20% of the time. Compared 12% of the time. Compared 11% of the time. Compared 9% of the time. Compared 3% of the time. |
Also Known As | |
| Blackduck Hub, Black Duck Protex, Black Duck Security Checker | Veracode SCA, SourceClear |
Learn | |
| Synopsys | Veracode |
Overview | |
Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle. | Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance. |
Offer | |
Learn more about Black Duck | Learn more about Veracode Software Composition Analysis |
Sample Customers | |
| Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf | Blue Prism, Advantasure, Automation Anywhere, Cox Automotive |
Top Industries | |
Computer Software Company43% Comms Service Provider13% Manufacturing Company9% Financial Services Firm5% | Computer Software Company44% Comms Service Provider10% Manufacturing Company6% Retailer5% |
Company Size | |
No Data Available | Small Business43% Midsize Enterprise29% Large Enterprise29% |
Find out what your peers are saying about Black Duck vs. Veracode Software Composition Analysis and other solutions. Updated: November 2020.
446,626 professionals have used our research since 2012.
Black Duck is ranked 4th in Software Composition Analysis (SCA) with 4 reviews while Veracode Software Composition Analysis is ranked 7th in Software Composition Analysis (SCA) with 5 reviews. Black Duck is rated 6.6, while Veracode Software Composition Analysis is rated 7.4. The top reviewer of Black Duck writes "Useful for determining the health of applications that contain open source components". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Enables us to identify potential problems in applications and fix them before they are used in ways they should not be but has false positives". Black Duck is most compared with WhiteSource, Snyk, Sonatype Nexus Lifecycle, JFrog Xray and FOSSA, whereas Veracode Software Composition Analysis is most compared with JFrog Xray, Snyk, WhiteSource, Sonatype Nexus Lifecycle and FOSSA. See our Black Duck vs. Veracode Software Composition Analysis report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post
reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference
with LinkedIn, and personal follow-up with the reviewer when necessary.