Black Duck Primary Use Case
My use case for Black Duck is that it's primarily number one in the world because of the robustness of the solution. It's very accurate and is one of the more accurate solutions in the market. It's very exhaustive in terms of not just the primary source code, but also the dependencies, macros, and binaries. It tracks all of those. The robustness of the solution as well as the accuracy of the solution is what makes me look at Black Duck. The flip side is it is more expensive than the rest of the software solutions.
View full review »I recommend Black Duck for teams that need to identify their software components. It provides visibility for software components, their security risks, operational risks, and license compliance.
View full review »
The primary use case for Black Duck is software composition analysis.
View full review »
Buyer's Guide
Black Duck
June 2025

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,168 professionals have used our research since 2012.
We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different entities have access to the product. They run it by themselves and come to us with their findings. Our security team helps them take action.
View full review »As a DevOps engineer, I am supposed to integrate Black Duck in my CI/CD integration and deployment pipeline. The product teams in my company do a vulnerability scan of our products before we make them available in the market. From the product team's perspective, they check the vulnerability according to the scanning process done from pipelines. My company has a YAML script with which we add the stage, and from there, it gets integrated.
View full review »For scanning purposes, we use Synopsys Black Duck.
Primarily, we use it to ensure all our projects go through Black Duck scans. We do this sometimes via source code analysis and sometimes via binary analysis/Docker analysis. It figures out third-party components, any security vulnerabilities, and more.
Our primary focus is security – it also flags operational vulnerabilities, like outdated software versions or lack of active maintainers, but we generally don't give those as much weight.
We use Black Duck for open-source compliance in our software projects.
View full review »DH
Doan Hieu
Project Manager at a manufacturing company with 11-50 employees
I use Black Duck to detect vulnerabilities in open-source software before integrating it into my project.
View full review »We use the solution to detect non-compliance in third-party applications.
View full review »ZR
Zhengang Ren
Senior Quality Manager at a financial services firm with 11-50 employees
Our company uses the solution to check open source software that is embedded in our products.
View full review »JR
Jyotiprasad RATH
Head: Open Source Program Office at a financial services firm with 10,001+ employees
I am not working with Black Duck. I manage a team that works with Black Duck.
View full review »We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment.
I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.
View full review »We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license.
Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.
RS
RaviShankar
Lead Product Enginner at Harman International Industries, Incorporated
We are using this solution for software analysis and vulnerability scanning.
View full review »We're primarily using the solution for compliance. It's part of an audit process.
View full review »We use Black Duck to examine our source code for compliance issues.
View full review »ZR
Zvika-Ronen
Chief Technology Officer (CTO) at FOSSAWARE
I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.
VM
Vivek Mishra
Senior Technical Architect at IGT Solutions
We use the solution to scan Java code.
View full review »TO
TundeOgunkoya
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
We have been using this solution for between two and three years.
We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.
View full review »Buyer's Guide
Black Duck
June 2025

Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,168 professionals have used our research since 2012.