
Black Duck SCA Primary Use Case

reviewer2587080
IP Head at a tech services company with 10,001+ employees

My use case for Black Duck is that it's primarily number one in the world because of the robustness of the solution. It's very accurate and is one of the more accurate solutions in the market. It's very exhaustive in terms of not just the primary source code, but also the dependencies, macros, and binaries. It tracks all of those. The robustness of the solution as well as the accuracy of the solution is what makes me look at Black Duck. The flip side is it is more expensive than the rest of the software solutions.

SanjeevKumar26
Project Lead at ABB

The primary use cases are compliance and scanning in terms of license compliance and trying to identify snippets, particularly if there are any snippets being identified that are coming from open source. I also focus on identifying any open source components that are being used.

reviewer1610562
Director at a healthcare company with 10,001+ employees
The primary use case for Black Duck is software composition analysis.
Buyer's Guide
Black Duck SCA
March 2026
Learn what your peers think about Black Duck SCA. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
884,732 professionals have used our research since 2012.
reviewer1610562
Director at a healthcare company with 10,001+ employees

I recommend Black Duck for teams that need to identify their software components. It provides visibility for software components, their security risks, operational risks, and license compliance.

Aaron P
DevOps Engineer at a manufacturing company with 1,001-5,000 employees

As a DevOps engineer, I am supposed to integrate Black Duck in my CI/CD integration and deployment pipeline. The product teams in my company do a vulnerability scan of our products before we make them available in the market. From the product team's perspective, they check the vulnerability according to the scanning process done from pipelines. My company has a YAML script with which we add the stage, and from there, it gets integrated.

Sagar Mody
Solutions Architect at a tech services company with 10,001+ employees

For scanning purposes, we use Synopsys Black Duck.

Primarily, we use it to ensure all our projects go through Black Duck scans. We do this sometimes via source code analysis and sometimes via binary analysis/Docker analysis. It figures out third-party components, any security vulnerabilities, and more. 

Our primary focus is security – it also flags operational vulnerabilities, like outdated software versions or lack of active maintainers, but we generally don't give those as much weight.

We use Black Duck for open-source compliance in our software projects.

Doan Hieu
Project Manager at a manufacturing company with 11-50 employees

I use Black Duck to detect vulnerabilities in open-source software before integrating it into my project.

Saravanan_Radhakrishnan
Senior Manager at Happiest Minds Technologies

We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different entities have access to the product. They run it by themselves and come to us with their findings. Our security team helps them take action.

Alina-Eugenia Negulescu
Head of Procurement and Vendor Manager at twoday

We use the solution to detect non-compliance in third-party applications.

Zhengang Ren
Senior Quality Manager at a financial services firm with 11-50 employees

Our company uses the solution to check open source software that is embedded in our products. 

Vivek Mishra
Senior Technical Architect at IGT Solutions

We use the solution to scan Java code. 

Tarun-Sharma
Cloud Solution Architect at IBM

We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment. 

I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.

Jyotiprasad RATH
Head: Open Source Program Office at a financial services firm with 10,001+ employees

I am not working with Black Duck. I manage a team that works with Black Duck.

reviewer1472997
CTO at a computer software company with 11-50 employees

We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license.

Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.

it_user1435263
Lead Product Engineer at Harman International Industries, Incorporated

We are using this solution for software analysis and vulnerability scanning.

reviewer1421445
Former SVP at a manufacturing company with 5,001-10,000 employees

We're primarily using the solution for compliance. It's part of an audit process.

SanjeevKumar26
Project Lead at ABB

We use Black Duck to examine our source code for compliance issues.

Zvika-Ronen
Chief Technology Officer (CTO) at FOSSAWARE

I'm a technology leader and an open source compliance and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis.

TundeOgunkoya
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting

We have been using this solution for between two and three years.

We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build. 
