Compare Black Duck vs. WhiteSource

Black Duck is ranked 3rd in Software Composition Analysis with 1 review while WhiteSource is ranked 2nd in Software Composition Analysis with 3 reviews. Black Duck is rated 0, while WhiteSource is rated 7.4. The top reviewer of Black Duck writes "Useful for determining the health of applications that contain open source components". On the other hand, the top reviewer of WhiteSource writes "Using it, we can take some measures to improve things, replace a library, or update a library which was too old". Black Duck is most compared with WhiteSource, Veracode Software Composition Analysis and Sonatype Nexus Lifecycle, whereas WhiteSource is most compared with Black Duck, SonarQube and Snyk.
Black Duck: 8,452 views | 6,403 comparisons
WhiteSource: 7,794 views | 5,576 comparisons
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Black Duck:
It highlights what the developers have done, and it shows the impact from an intellectual property point of view.

WhiteSource:
The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate.
The overall support that we receive is pretty good.
We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds.
We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs.
Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.

Cons
Black Duck:
I would like to see more integration with other solutions, such as IntelliJ IDEA.

WhiteSource:
We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running.
Make the product available in a very stable way for other web browsers.
Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model.

Pricing and Cost Advice
Black Duck:
Depending on the use case, the cost could range from $10,000 USD to $70,000 USD.

WhiteSource:
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.

382,196 professionals have used our research since 2012.
Ranking

Black Duck:
Views: 8,452
Comparisons: 6,403
Reviews: 0
Average Words per Review: 1,134
Avg. Rating: N/A

WhiteSource:
Views: 7,794
Comparisons: 5,576
Reviews: 3
Average Words per Review: 655
Avg. Rating: 7.3

Top Comparisons
Compared 24% of the time.
Compared 21% of the time.
Compared 18% of the time.
Compared 10% of the time.
Also Known As
Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Learn
Synopsys
WhiteSource
Overview

Black Duck Hub is the leading platform for automated license compliance and open source security. Black Duck Hub helps security and development teams identify and mitigate open source-related risks across their application portfolio, while incorporating the functionality of Protex license compliance.

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis.

We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources.

Sample Customers
Black Duck: CopperLeaf, ScienceLogic, Dynatrace, ClickFox, Siemens, Noser Engineering AG
WhiteSource: Autodesk, Temenos, Indeed.com, GE digital, KPMG, LivePerson, Jack Henry and Associates
Top Industries

Black Duck (visitors reading reviews):
Software R&D Company: 43%
Comms Service Provider: 9%
Manufacturing Company: 9%
Financial Services Firm: 7%

WhiteSource (visitors reading reviews):
Software R&D Company: 45%
Comms Service Provider: 10%
Insurance Company: 6%
Manufacturing Company: 5%

Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: October 2019.
We monitor all Software Composition Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.