
What is your primary use case for Black Duck?


How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

ITCS user
77 Answers

Top 20 | Real User

I am not working with Black Duck. I manage a team that works with Black Duck.

Top 5 | Leaderboard | Real User

We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license. Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.

Top 20 | Vendor

We are using this solution for software analysis and vulnerability scanning.

Top 20 | Real User

We're primarily using the solution for compliance. It's part of an audit process.

Top 20 | Real User

We use Black Duck to examine our source code for compliance issues.

Top 5 | Real User

I'm a technology leader and an open source compliance and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.


We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.

Updated: December 2021.