2020-05-29T20:50:00Z

Differences between Black Duck & Veracode


What are the main differences between Black Duck and Veracode for Software Composition Analysis (SCA)?

Guest
22 Answers

author avatar
Top 5Real User

It really comes down to what your expectations are. Blackduck has the ability to do snippet analysis and binary scans in a very quick and efficient manner. due to the product being very mature as it's been around for over a decade. If your requirements do not encompass any of these factors then perhaps looking at things like having a multi-factor approach to open source detection or the size of the security research team managing and updating the product is of more interest. These are some of the aspects you need to ask yourself when selecting a product.

2020-06-08T23:31:51Z
author avatar
Vendor

Clients that have benchmarked our solution against both BlackDuck and Veracode have noted that BlackDuck identifies more vulnerabilities, but also has more false positives. Note that MergeBase is more accurate in identifying more vulnerabilities with less false positives than either of these two.

2020-06-02T19:37:08Z
Find out what your peers are saying about Sonatype, Snyk, WhiteSource and others in Software Composition Analysis (SCA). Updated: November 2020.
448,290 professionals have used our research since 2012.