Black Duck Reviews

Name: Black Duck
Brand: Synopsys
Rating: 4 (19 reviews)

Vendor: Synopsys

3.9 out of 5

19 reviews
82% willing to recommend

776 followers

Post review

What is Black Duck?

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Get the Black Duck Buyer's Guide and find out what your peers are saying about Black Duck, Veracode, GitLab and more!

Black Duck is the #1 ranked solution in top Software Composition Analysis (SCA) solutions. PeerSpot users give Black Duck an average rating of 7.8 out of 10. Black Duck is most commonly compared to Veracode: Black Duck vs Veracode. Black Duck is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 21% of all views.

Helped 793,295 peers since 2012

Featured reviews

Saravanan_Radhakrishnan

Senior Manager at Happiest Minds Technologies

We use the solution for open-source security management. The product connects the entire customer entity into DevOps and DevSecOps. Solutions like Black Duck and Code Dx enable application testing and onboarding of different applications from entities for security. All the users in different…

Read full review

Aaron P

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

The only thing I don't like about the product is that it is quite expensive and it is not very feasible as an open-source platform. One of the other things that I hate about the product stems from my dislike of contacting the support team of Black Duck to know if there are some issues since debugging some issues can be quite difficult. I don't find reliable or feasible documents to help me debug all those issues. The solution's pricing model and documentation areas of concern where improvement is needed. In our company, we get some issues or errors when we run a pipeline, and debugging those errors can be tedious and time-consuming. To minimize the time for debugging errors, I feel that Black Duck needs to add some documentation or something that will make it easy for users to debug the errors instead of seeking help from Black Duck's support team every time. Black Duck can add features, like viewing the vulnerability, to help users figure out the next step if they detect some vulnerability while also providing them some steps to help them follow some remedial steps, along with an explanation of measures to mitigate such issues. Black Duck's UI or server doesn't provide functionality to help users view the vulnerability, which is a process that needs to be automated. The solution's scalability is an area that needs to improve.

Read full review

Sagar Mody

Solutions Architect at a tech services company with 10,001+ employees

It's still a bit inconsistent. For example, sometimes a scan might reveal components or vulnerabilities, and the next day they might not show up. There's a lack of consistency at times. Of course, this could sometimes be due to new vulnerabilities being identified in the public domain after a scan. So, consistent inputs and more streamlined dependency management are needed. It doesn’t clearly show whether vulnerabilities are from direct or transitive dependencies. A clear classification between direct and indirect vulnerabilities is crucial. If I'm looking to improve my product, I need to know out of 'x' vulnerabilities, how many are direct dependencies. With direct dependencies, I can take action, like replacing a component. But with transitive dependencies, we are helpless at times. Often, we have to raise exceptions and work around them. A clear classification between direct and indirect dependencies is something I'd like to see improved.

Read full review

Black Duck mindshare

As of July 2024, the mindshare of Black Duck in the Software Composition Analysis (SCA) category stands at 26.0%, down from 27.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Software Composition Analysis (SCA)

Key learnings from peers

Valuable Features

Black Duck's most valuable feature is its ability to scan and evaluate open source software, ensuring license compliance and detecting vulnerabilities in Docker binary files. It seamlessly integrates and updates vulnerabilities in real-time, making it a trusted and well-recognized tool in the industry. Users are happy with its extensive scan reserves and easy installation.

"We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."
"The cloud option of the product is always available and a positive aspect of the solution."
"The most valuable feature for me in Black Duck is its ability to scan binary files effectively."

Room for Improvement

Black Duck needs improvement in terms of pricing, usability, accuracy of results, and scanning time. Users expect more features and customization options in the UI, instead of relying on APIs and scripts. Some users have also experienced issues with the latest releases. The cost is considered too high for those who only use it a few times a year.

"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"The tool's documentation and support are areas of concern where improvements are required."
"I would like to see improvements in Black Duck's reporting capabilities."

Pricing

Black Duck is considered to be an expensive solution with high costs. The pricing is not readily available to all teams and is negotiated through contract negotiations. The solution does not offer a monthly subscription, which would be preferred by some users.

"The price charged by Black Duck is exorbitant."
"The pricing is a little high."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."

Popular Use Cases

Black Duck is used by companies to check open source software in their products, mainly for the DevSecOps pipeline. It is deployed into Kubernetes environments for microservices-based applications. It is utilized by clients across different sectors, such as banking, retail, and energy.

Service and Support

According to the reviews, Black Duck has good technical support with quick response times. However, some reviewers feel that their support may not be as strong on the technical side.

Deployment

Setting up Black Duck is generally considered to be a straightforward process that can take a few hours to complete. While some users may have had the setup done for them, others have found it manageable with minimal difficulty. However, it should be noted that maintenance may require additional resources.

Scalability

The solution provided by Black Duck is easily scalable, with varying departments able to manage change orders and add users with minimal difficulty. The tool is rated an eight out of ten for its scalability. Because it is cloud-based, the solution is also easily scalable for organizations with hundreds of users. However, some organizations may have a smaller number of users, with only a handful of people in one team utilizing the tool. Additionally, not every member of an organization may use the tool, with only developers in some cases being the primary users.

Stability

Users have consistently reported that the stability of the Black Duck solution is excellent. They have not experienced any bugs, glitches, crashes or freezing while using it, making it a reliable option.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Black Duck Buyer's Guide for additional reliable information.