Black Duck

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source in development. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Supported Languages

• C
• C++
• C#
• Clojure
• Erlang 
• Golang
• Groovy
• Java
• JavaScript 
• Kotlin
• Node.js 
• Objective-C
• Perl 
• Python 
• PHP 
• R 
• Ruby
• Scala
• Swift 
• .NET Cloud technologies

Package Managers

• NuGet 
• Hex 
• Vndr 
• Godep 
• Dep 
• Maven 
• Gradle 
• Npm 
• CocoaPods 
• Cpanm 
• Conda 
• Pear 
• Composer 
• Pip 
• Packrat 
• RubyGems 
• SBT 
• Bazel
• Cargo
• C/C++ (Clang)
• GoLang
• Erlang/Hex
• Rebar
• Python
• Yarn
• Yocto

BDBA Package Manager Support

• Distro-package-manager: Leverages information from a Linux distribution package manager database to extract component information.
• The remaining four methods are only applicable to Java bytecode:
  – pom: Extracts the Java package, group name, and version from the pom.xml or pom.properties files in a JAR file.
  – manifest: Extracts the Java package name and version from the entries in the MANIFEST.MF file in a JAR file.
  – jar-filename: Extracts the Java package name and version from the jar-filename.
  – hashsum: Uses the SHA-1 checksum of the JAR file to look it up from known Maven Central registered Java projects.


Binary formats

• Native binaries
• Java binaries
• .NET binaries
• Go binaries


Compression formats

• Gzip (.gz)
• bzip2 (.bz2)
• LZMA (.lz)
• LZ4 (.lz4) 
• Compress (.Z)
• XZ (.xz)
• Pack200 (.jar)
• UPX (.exe)
• Snappy
• DEFLATE
• zStandard (.zst)

Archive formats

• ZIP (.zip, .jar, .apk, and other derivatives)
• XAR (.xar) 
• 7-Zip (.7z)
• ARJ (.arj)
• TAR (.tar)
• VM TAR (.tar) 
• cpio (.cpio)
• RAR (.rar)
• LZH (.lzh) 
• Electron archive (.asar) 
• DUMP

Installation formats

• Red Hat RPM (.rpm)
• Debian package (.deb)
• Mac installers (.dmg, .pkg)
• Unix shell file installers (.sh, .bin)
• Windows installers (.exe, .msi, .cab)
• vSphere Installation Bundle (.vib) 
• Bitrock Installer 
• Installer generator formats that are supported:
  – 7z, zip, rar self extracting .exe
  – MSI Installer
  – CAB Installer
  – InstallAnywhere
  – Install4J
  – InstallShield
  – InnoSetup
  – Wise Installer
  – Nullsoft Scriptable Install System (NSIS)
  – WiX Installer

Firmware formats

• Intel HEX 
• SREC 
• U-Boot 
• Arris firmware 
• Juniper firmware 
• Kosmos firmware 
• Android sparse file system 
• Cisco firmware 


File systems / disk images

• ISO 9660 / UDF (.iso) 
• Windows Imaging 
• ext2/3/4 
• JFFS2 
• UBIFS 
• RomFS 
• Microsoft Disk Image 
• Macintosh HFS 
• VMware VMDK (.vmdk, .ova) 
• QEMU Copy-On-Write (.qcow2) 
• VirtualBox VDI (.vdi) 
• QNX—EFS, IFS 
• NetBoot image (.nbi) 
• FreeBSD UFS 


Container Formats

• Docker

Integrations

Cloud platforms

• Amazon Web Services
• Google Cloud Platform
• Microsoft Azure
• Pivotal Cloud Foundry

Container platforms

• Docker
• OpenShift
• Pivotal Cloud Foundry
• Kubernetes

Package managers

Databases

• PostgreSQL

DevOps tools
IDEs

• Eclipse
• Visual Studio IDE
• IntelliJ IDEA
• WebStorm
• PyCharm
• RubyMine
• PhpStorm
• VS Code
• Android Studio

Continuous integration

• Jenkins
• TeamCity
• Bamboo
• Team Foundation Server
• Travis CI
• CircleCI
• GitLab CI
• Visual Studio Team Services
• Concourse CI
• AWS CodeBuild
• Codeship
• Azure DevOps
• GitHub Actions
• OpenShift

Workflow and notifications

• Jira
• Slack
• Email
• SPDX
• Azure Boards
• Microsoft Teams

Binary and source repositories

• Artifactory
• Nexus


Application security suites


• IBM AppScan
• Micro Focus Fortify
• SonarQube
• ThreadFix
• Cybric
• Code Dx
• Fortify
• ZeroNorth

Black Duck

500,00 $

AppSec Santa