We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different entities have access to the product. They run it by themselves and come to us with their findings. Our security team helps them take action.

As a DevOps engineer, I am supposed to integrate Black Duck in my CI/CD integration and deployment pipeline. The product teams in my company do a vulnerability scan of our products before we make them available in the market. From the product team's perspective, they check the vulnerability according to the scanning process done from pipelines. My company has a YAML script with which we add the stage, and from there, it gets integrated.

We use the solution to detect non-compliance in third-party applications.

Our company uses the solution to check open source software that is embedded in our products. 

We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment. 

I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.

We use Black Duck to examine our source code for compliance issues.

We have been using this solution for between two and three years.

We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build. 

I am not working with Black Duck. I manage a team that works with Black Duck.

We use Black Duck Hub to discover commercial and open-source licenses and the licensed software used by a company. Whenever a company enters the M&A process, a preliminary step called due diligence is done. A part of it is the technical discovery that includes finding out what software the company is using and whether the software is linked with any open-source software or commercial product for which you have to pay a license.

Our main use case is to discover the license and find out if there is an obligation for the paid license. We also check the exposure of the software to open-source libraries. Open source is great, and it is a preferred solution for many companies. Around 90% of the software is now open source, but it is also exposed to vulnerabilities. So, through the dependencies that we were discovering, we were also working on the security exposure of the software product. For this purpose, we use Black Duck Hub.

I'm a technology leader and an open source compliant and risk expert. I lead two domains, both are open source compliant. We use Black Duck in order to make internal audits on software during development, for license compliance, open source compliance, and open source vulnerability. We have an open source audit team, which has some administration rights on the tool and can make changes to the reports based on feedback from business units. Remaining users have permission via tokens to view reports. We would have around 300 users. Up to 20 users can access the system at any one time. The product is used on a daily basis. 

We use the solution to scan Java code. 

We're primarily using the solution for compliance. It's part of an audit process.

We are using this solution for software analysis and vulnerability scanning.