We just raised a $30M Series A: Read our story
2019-05-28T07:49:00Z

What needs improvement with Black Duck?

11

Please share with the community what you think needs improvement with Black Duck.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
88 Answers

author avatar
Top 20Real User

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck. I feel that it is just a matter of time and it should be fine.

2021-08-26T09:43:15Z
author avatar
Top 5LeaderboardReal User

Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.

2021-08-06T14:11:22Z
author avatar
Top 5LeaderboardReal User

It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.

2020-12-15T15:36:41Z
author avatar
Top 20Vendor

The initial setup could be simplified. It was somewhat complex. In the next release, I would like to see packet analysis and binary analysis included as features.

2020-12-07T19:42:53Z
author avatar
Top 20Real User

The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There's also no time stamps. Everything needs to be reviewed. It takes double the time to identify things. Features just don't come up in the Hub. We'd like to be able to authenticate through our two companies. We're not too sure about the extension of the firewall. It never shows up in the Hub. The Hub doesn't like that we have binary sides, so, once again, we need to check everything, meaning we get double the work. The scanning aspect of the resolution needs to be improved. Right now, as it is, it's not okay. It would be ideal if the solution offered features to add one or more components to a file.

2020-09-27T04:10:02Z
author avatar
Top 20Real User

The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With everything in one folder, it starts to scan. As we are using Code Center, we need to ensure that all of the components are there. However, there are thousands of components and for each submission, the components have to be there. There are no bulk submissions or bulk transfers. Essentially, you need to write your own scripts with the APIs to do it more efficiently. It needs to be more user-friendly for developers and in general, to ensure compliance. The scanning should be quick and easy to use, rather than complex. The pricing for this solution should definitely be lower.

2020-06-07T09:08:59Z
author avatar
Top 5Real User

In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is separated into sub-scans. If you want the status on a certain scan, you can't get it automatically and it can sometimes take a couple of hours. If you want to attach the scan into a CI process and then get an actual result it cannot provide an accurate status. We are running a Proscan developed in-house and this manipulates the result. It doesn't change the result but it adds some attributes to it. For instance, it gets an alter source and it gives you a link for the domain where you can read more about it. Or if the GUI suggests the conversion, and provides an excel report, you do not really need to go to the GUI, it can be accessed by email after the scan. These attributes and manipulations are done by the API developed in-house for the GUI. For additional features, I'd like to be able to see SQL on demand, side by side. I'd like to be able to change a room with managed components inside the project, and still have it affect other projects. There is currently no internal database for manual changes which would be a good addition. Also, it would be helpful to include isolation of parts from the doctor image, for instance.

2020-01-15T08:04:00Z
author avatar
Reseller

I would like to see more integration with other solutions, such as IntelliJ IDEA.

2019-05-28T07:49:00Z
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
555,139 professionals have used our research since 2012.