What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.
The field of software composition analysis has many contenders that offer a range of functionality, integrations, and features. So why choose Black Duck? Here are three things that we’re particularly proud of.
Black Duck continuously delivers on the functionality that our customers find valuable. Here are a couple of key areas where we lead the field in innovation:
Black Duck’s industry-leading license compliance functionality continues to improve with each release. Our scan technology allows you to perform scans down to the snippet level, for the most comprehensive open source discovery. Snippet scanning helps you ensure you have a handle on all your open source licenses, beyond just what’s declared. With this functionality, you can compare the snippet in your application side by side against its match in our KnowledgeBase™ for fast identification and triage. Want to move fast? Set Black Duck to perform only delta scans on new source code. We also provide custom license families so you can set your own risk profiles based on your own definitions, view license responsibilities and confirm license commitments have been met, and generate automated notices reports.
Black Duck Binary Analysis
Black Duck has integrated binary analysis, so you can scan binaries in the absence of source code and receive that information in your unified bill of materials (BOM). Leveraging the power of the Synopsys portfolio, we have integrated our powerful binary analysis technology right into the Black Duck platform so you can identify open source risks and plan remediation in third-party libraries and executables.
Extensive, informative vulnerability detection
Software composition analysis (SCA) solutions use multiple data feeds to discover open source vulnerabilities. Most SCA solutions simply add this data directly to their databases. But Black Duck takes vulnerability detection a step further by harnessing this fire hose of vulnerability data and creating a curated feed of enhanced vulnerability information: Black Duck Security Advisories (BDSAs).
Black Duck Security Advisories
Our expert security researchers prioritize their efforts based on what components our customers are using. Then they provide you with detailed information about each vulnerability on the same day, on average 30 days ahead of the NVD. Each BDSA provides:
- A full profile of the vulnerability
- How the vulnerability manifests itself
- Exploit information, if available
- Standardized risk metrics
- Risk metrics customized to your BOM (e.g., is it in an external project?)
- Potential workarounds, if available
- Technical details (in-depth technical breakdown of the vulnerability)
- Patch/remediation guidance for developers, if available
Easy, intuitive integrations
Black Duck achieved one of the highest scores in the SDLC Integrations category in The Forrester Wave™: Software Composition Analysis, Q2 2019, which states, “Synopsys has very strong policy management and SDLC integrations and strong proactive vulnerability management, including a BOM compare feature that highlights what has changed over time.” We offer integrations for Jira Cloud, Red Hat OpenShift, Kubernetes, Google Cloud, and GitHub, among many others (see the full list). Many of these integrations are customizable and allow users to integrate open source management directly into their existing workflow.
Ready to learn more?
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Shandra Gemmiti. Read the original post at: https://www.synopsys.com/blogs/software-security/top-3-reasons-to-choose-black-duck/