Differences between Black Duck & Veracode

What are the main differences between Black Duck and Veracode for Software Composition Analysis (SCA)?

22 Answers

author avatar
Top 5Real User

It really comes down to what your expectations are. Blackduck has the ability to do snippet analysis and binary scans in a very quick and efficient manner. due to the product being very mature as it's been around for over a decade. If your requirements do not encompass any of these factors then perhaps looking at things like having a multi-factor approach to open source detection or the size of the security research team managing and updating the product is of more interest. These are some of the aspects you need to ask yourself when selecting a product.

author avatar

Clients that have benchmarked our solution against both BlackDuck and Veracode have noted that BlackDuck identifies more vulnerabilities, but also has more false positives. Note that MergeBase is more accurate in identifying more vulnerabilities with less false positives than either of these two.

Find out what your peers are saying about Sonatype, Snyk, WhiteSource and others in Software Composition Analysis (SCA). Updated: November 2020.
448,290 professionals have used our research since 2012.