Black Duck
Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.
Supported Languages
• C
• C++
• C#
• Clojure
• Erlang
• Golang
• Groovy
• Java
• JavaScript
• Kotlin
• Node.js
• Objective-C
• Perl
• Python
• PHP
• R
• Ruby
• Scala
• Swift
• .NET
Cloud technologies
Package Managers
• NuGet
• Hex
• Vndr
• Godep
• Dep
• Maven
• Gradle
• Npm
• CocoaPods
• Cpanm
• Conda
• Pear
• Composer
• Pip
• Packrat
• RubyGems
• SBT
• Bazel
• Cargo
• C/C++ (Clang)
• GoLang
• Erlang/Hex
• Rebar
• Python
• Yarn
• Yocto
BDBA Package Manager Support
• Distro-package-manager: Leverages information from a Linux distribution package manager database to extract component information.
• The remaining four methods are only applicable to Java bytecode:
– pom: Extracts the Java package, group name, and version from the pom.xml or pom.properties files in a JAR file.
– manifest: Extracts the Java package name and version from the entries in the MANIFEST.MF file in a JAR file.
– jar-filename: Extracts the Java package name and version from the jar-filename.
– hashsum: Uses the SHA-1 checksum of the JAR file to look it up from known Maven Central registered Java projects.
Binary formats
• Native binaries
• Java binaries
• .NET binaries
• Go binaries
Compression formats
• Gzip (.gz)
• bzip2 (.bz2)
• LZMA (.lz)
• LZ4 (.lz4)
• Compress (.Z)
• XZ (.xz)
• Pack200 (.jar)
• UPX (.exe)
• Snappy
• DEFLATE
• zStandard (.zst)
Archive formats
• ZIP (.zip, .jar, .apk, and other derivatives)
• XAR (.xar)
• 7-Zip (.7z)
• ARJ (.arj)
• TAR (.tar)
• VM TAR (.tar)
• cpio (.cpio)
• RAR (.rar)
• LZH (.lzh)
• Electron archive (.asar)
• DUMP
Installation formats
• Red Hat RPM (.rpm)
• Debian package (.deb)
• Mac installers (.dmg, .pkg)
• Unix shell file installers (.sh, .bin)
• Windows installers (.exe, .msi, .cab)
• vSphere Installation Bundle (.vib)
• Bitrock Installer
• Installer generator formats that are supported:
– 7z, zip, rar self-extracting .exe
– MSI Installer
– CAB Installer
– InstallAnywhere
– Install4J
– InstallShield
– InnoSetup
– Wise Installer
– Nullsoft Scriptable Install System (NSIS)
– WiX Installer
Firmware formats
• Intel HEX
• SREC
• U-Boot
• Arris firmware
• Juniper firmware
• Kosmos firmware
• Android sparse file system
• Cisco firmware
File systems / disk images
• ISO 9660 / UDF (.iso)
• Windows Imaging
• ext2/3/4
• JFFS2
• UBIFS
• RomFS
• Microsoft Disk Image
• Macintosh HFS
• VMware VMDK (.vmdk, .ova)
• QEMU Copy-On-Write (.qcow2)
• VirtualBox VDI (.vdi)
• QNX—EFS, IFS
• NetBoot image (.nbi)
• FreeBSD UFS
Container Formats
• Docker
Integrations
Cloud platforms
• Amazon Web Services
• Google Cloud Platform
• Microsoft Azure
• Pivotal Cloud Foundry
Container platforms
• Docker
• OpenShift
• Pivotal Cloud Foundry
• Kubernetes
Package managers
Databases
• PostgreSQL
DevOps tools
IDEs
• Eclipse
• Visual Studio IDE
• IntelliJ IDEA
• WebStorm
• PyCharm
• RubyMine
• PhpStorm
• VS Code
• Android Studio
Continuous integration
• Jenkins
• TeamCity
• Bamboo
• Team Foundation Server
• Travis CI
• CircleCI
• GitLab CI
• Visual Studio Team Services
• Concourse CI
• AWS CodeBuild
• Codeship
• Azure DevOps
• GitHub Actions
• OpenShift
Workflow and notifications
• Jira
• Slack
• Email
• SPDX
• Azure Boards
• Microsoft Teams
Binary and source repositories
• Artifactory
• Nexus
Application security suites
• IBM AppScan
• Micro Focus Fortify
• SonarQube
• ThreadFix
• Cybric
• Code Dx
• Fortify
• ZeroNorth