Black Duck

On this page:

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source in development. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Add your review

Description
Reviews (0)

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Supported Languages

• C
• C++
• C#
• Clojure
• Erlang 
• Golang
• Groovy
• Java
• JavaScript 
• Kotlin
• Node.js 
• Objective-C
• Perl 
• Python 
• PHP 
• R 
• Ruby
• Scala
• Swift 
• .NET Cloud technologies

Package Managers

• NuGet 
• Hex 
• Vndr 
• Godep 
• Dep 
• Maven 
• Gradle 
• Npm 
• CocoaPods 
• Cpanm 
• Conda 
• Pear 
• Composer 
• Pip 
• Packrat 
• RubyGems 
• SBT 
• Bazel
• Cargo
• C/C++ (Clang)
• GoLang
• Erlang/Hex
• Rebar
• Python
• Yarn
• Yocto

BDBA Package Manager Support

• Distro-package-manager: Leverages
information from a Linux distribution
package manager database to extract
component information.
• The remaining four methods are only
applicable to Java bytecode:
– pom: Extracts the Java package, group
name, and version from the pom.xml
or pom.properties files in a JAR file.
– manifest: extracts the Java package
name and version from the entries in
the MANIFEST.MF file in a JAR file.
– jar-filename: Extracts the Java
package name and version from the
jar-filename.
– hashsum: Uses the sha1 checksum
of the JAR file to look it up from
known Maven Central registered
Java projects.

Binary formats

• Native binaries
• Java binaries
• .NET binaries
• Go binaries

Compression formats

• Gzip (.gz)
• bzip2 (.bz2)
• LZMA (.lz)
• LZ4 (.lz4) 
• Compress (.Z)
• XZ (.xz)
• Pack200 (.jar)
• UPX (.exe)
• Snappy
• DEFLATE
• zStandard (.zst) 
Archive formats
• ZIP (.zip, .jar, .apk, and other derivatives)
• XAR (.xar) 
• 7-Zip (.7z)
• ARJ (.arj)
• TAR (.tar)
• VM TAR (.tar) 
• cpio (.cpio)
• RAR (.rar)
• LZH (.lzh) 
• Electron archive (.asar) 
• DUMP

Installation formats

• Red Hat RPM (.rpm)
• Debian package (.deb)
• Mac installers (.dmg, .pkg)
• Unix shell file installers (.sh, .bin)
• Windows installers (.exe, .msi, .cab)
• vSphere Installation Bundle (.vib)
• Bitrock Installer
• Installer generator formats that are
supported:
– 7z, zip, rar self extracting .exe
– MSI Installer
– CAB Installer
– InstallAnywhere
– Install4J
– InstallShield
– InnoSetup
– Wise Installer
– Nullsoft Scriptable Install System
(NSIS)
– WiX Installer

Firmware formats

• Intel HEX
• SREC
• U-Boot
• Arris firmware
• Juniper firmware
• Kosmos firmware
• Android sparse file system
• Cisco firmware

File systems / disk images

• ISO 9660 / UDF (.iso)
• Windows Imaging
• ext2/3/4
• JFFS2
• UBIFS
• RomFS
• Microsoft Disk Image
• Macintosh HFS
• VMware VMDK (.vmdk, .ova)
• QEMU Copy-On-Write (.qcow2)
• VirtualBox VDI (.vdi)
• QNX—EFS, IFS
• NetBoot image (.nbi)
• FreeBSD UFS

Container Formats

• Docker

Integrations

Cloud platforms

• Amazon Web Services
• Google Cloud Platform
• Microsoft Azure
• Pivotal Cloud Foundry
Container platforms
• Docker
• OpenShift
• Pivotal Cloud Foundry
• Kubernetes Package managers

Databases

• PostgreSQL

DevOps tools

IDEs

• Eclipse
• Visual Studio IDE
• IntelliJ IDEA
• WebStorm
• PyCharm
• RubyMine
• PhpStorm
• VS Code
• Android Studio

Continuous integration

• Jenkins
• TeamCity
• Bamboo
• Team Foundation Server
• Travis CI
• CircleCI
• GitLab CI
• Visual Studio Team Services
• Concourse CI
• AWS CodeBuild
• Codeship
• Azure DevOps
• GitHub Actions
• OpenShift

Workflow and notifications

• Jira
• Slack
• Email
• SPDX
• Azure Boards
• Microsoft Teams
Binary and source repositories
• Artifactory
• Nexus

Application security suites

• IBM AppScan
• Micro Focus Fortify
• SonarQube
• ThreadFix
• Cybric
• Code Dx
• Fortify
• ZeroNorth

User Reviews

0.0 out of 5

★★★★★

Write a review

There are no reviews yet.

Be the first to review “Black Duck” Cancel reply

Black Duck

Description
Reviews (0)

500,00 $

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.