Black Duck Overview

Black Duck is ranked #5 among the top Software Composition Analysis (SCA) tools. PeerSpot users give Black Duck an average rating of 8.2 out of 10. Black Duck is most commonly compared to Snyk. Black Duck is popular among the large enterprise segment, which accounts for 73% of users researching this solution on PeerSpot. The top industry researching this solution is financial services, accounting for 20% of all views.
Buyer's Guide

Download the Software Composition Analysis (SCA) Buyer's Guide including reviews and more. Updated: April 2023

What is Black Duck?

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Black Duck was previously known as Blackduck Hub, Black Duck Protex, Black Duck Security Checker.

Black Duck Customers

Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf

Black Duck Pricing

Black Duck is considered an expensive solution. Pricing is not readily available to all teams and is set through contract negotiations. The solution does not offer a monthly subscription, which some users would prefer.

Black Duck Reviews

Head: Open Source Program Office at a financial services firm with 10,001+ employees
Real User
Top 20
Feature-rich, with good security compliance
Pros and Cons
  • "Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
  • "We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck."

What is our primary use case?

I am not working with Black Duck. I manage a team that works with Black Duck.

What is most valuable?

We are happy with this solution.

We have not yet explored all of the functionalities of Black Duck.

Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.

What needs improvement?

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck. I feel that it is just a matter of time and it should be fine.

For how long have I used the solution?

We have been working with Black Duck for a little more than one year.

Buyer's Guide
Software Composition Analysis (SCA)
April 2023
Find out what your peers are saying about Synopsys, Mend.io, Snyk and others in Software Composition Analysis (SCA). Updated: April 2023.
706,775 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It is a very small group of people who are using this solution in our organization.

My team is the open-source program office and we have three people who are using Black Duck and the other teams would be in the range of fewer than 20 people.

How are customer service and support?

We contacted technical support as we were not able to fix this issue ourselves. We are not the primary contact who has procured the product, they are based out of Paris. We are using the license but we have to go through them to contact Black Duck to get their help.

I am not able to share an opinion on the support because we raised the issue only a few weeks back, and this being the summer vacation period, a lot of people were unavailable. I don't know whether that delay is being caused by our counterparts in Paris or if it is really caused by Black Duck.

Which solution did I use previously and why did I switch?

We have been using other tools, but our IT division acquired Black Duck and we wanted to use it across the organization.

As far as security is concerned, it has always been a priority in our organization. We had different tools that we were using for security, but when it comes to operational risk and compliance and licensing, we didn't have any specific approach before Black Duck.

What's my experience with pricing, setup cost, and licensing?

We are not the primary team to procure this solution. My counterparts in Paris are the only ones who are aware of the pricing.

We are only using a few of the licenses because they had acquired several licenses, but I'm not involved in the pricing and the contract negotiations.

What other advice do I have?

I would rate Black Duck an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Engineer at a manufacturing company with 10,001+ employees
Real User
Top 5
Easy to use with a simple installation process and good stability
Pros and Cons
  • "The installation is very easy."
  • "With our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."

What is most valuable?

It's a well-recognized tool in our industry. We have a lot of requests for the product from clients. 

The solution is very easy to use. 

The stability has been good over the years.

The installation is very easy.

What needs improvement?

With our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.

For how long have I used the solution?

We've used the solution for about three or four years at this point. 

What do I think about the stability of the solution?

The stability is very good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

Not everyone uses the solution at our company. Mainly, just developers use it, and we have about 60 people on it. 

Which solution did I use previously and why did I switch?

Right now, we are considering changing to WhiteSource, however, we still might just keep Black Duck.

How was the initial setup?

The initial setup isn't too difficult. It's a pretty straightforward, simple process. We have only installed it once, and I cannot recall how long the deployment actually took. It was a long time ago.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is very high. We'd prefer if the product offered a monthly subscription.

What other advice do I have?

We are a customer and an end-user.

We are using Black Duck Hub.

I'd rate the solution at an eight out of ten. We're mostly quite happy with the capabilities. 

Black Duck is a good, but not inexpensive, tool. If others want stability or a well-respected tool, I would recommend it. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tarun-Sharma - PeerSpot reviewer
Cloud Solution Architect at IBM
Real User
Top 20
Responsive support, useful vulnerabilities discovery, and high availability
Pros and Cons
  • "The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
  • "Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."

What is our primary use case?

We use Black Duck mainly for the DevSecOps pipeline. For the microservices-based application, we have to deploy Black Duck into the Kubernetes environment. 

I have worked for multiple clients across the world, such as the US and Europe in the banking, retail, and energy sectors.

What is most valuable?

The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately.

What needs improvement?

Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster.

For how long have I used the solution?

I have been using Black Duck for a few years.

What do I think about the stability of the solution?

The stability of Black Duck is very good.

What do I think about the scalability of the solution?

Black Duck is scalable.

How are customer service and support?

The technical support from Black Duck is very good.

How was the initial setup?

Black Duck is easy to install. The full implementation took a couple of hours.

What about the implementation team?

I do the implementation of the solution.

What was our ROI?

We have seen a very high return on investment using Black Duck.

What other advice do I have?

I rate Black Duck a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Project Lead at ABB Group
Real User
Top 20
Is able to drill down to the source level, but instead of providing scripts, they should provide functionalities through the UI
Pros and Cons
  • "It is able to drill down to the source level."
  • "They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility."

What is most valuable?

It is able to drill down to the source level.

What needs improvement?

We expect a lot more features. They have to improve it a lot in terms of the way they do the analysis. At the analysis level, more depth is required.

They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility.

For how long have I used the solution?

We have been using this solution for a year. We are using its latest version.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

Because it is on the cloud, it is scalable. We have quite a significant number of users. Our users might be in the hundreds.

How are customer service and support?

Their support is not so strong. It is fine. It is not bad. If we go a little bit deeper on the technical side, they might not know about it.

How was the initial setup?

We didn't do the setup. They did the setup. My guess is that it is not so easy because it's done in the Docker environment. For its maintenance, we need two people.

What's my experience with pricing, setup cost, and licensing?

It is expensive.

What other advice do I have?

I would rate it a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Quality Manager at a financial services firm with 11-50 employees
Real User
Top 20
Very good at scanning open source software and ensuring compliance
Pros and Cons
  • "The solution is very good at scanning and evaluating open source software."
  • "It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."

What is our primary use case?

Our company uses the solution to check open source software that is embedded in our products. 

What is most valuable?

The solution is very good at scanning and evaluating open source software. In the past, we had misunderstandings about the open source files in our products. 

The solution checks for open source license compliance. You provide the license for a software such as MIT and the solution scans documents, tabs, and files by date. 

What needs improvement?

It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations and ensure compliance. 

Sometimes the solution produces incorrect or ambiguous results so that needs improvement to ensure there are no misunderstandings. 

For how long have I used the solution?

I have been using the solution for three years. 

What do I think about the scalability of the solution?

The solution is scalable. We have different departments and it is easy to process change orders or add users. 

The scalability is rated an eight out of ten. 

How are customer service and support?

The technical support is very, very good and their response time is very quick. 

Which solution did I use previously and why did I switch?

I don't have experience with other solutions. 

What about the implementation team?

The setup and implementation was completed by the supplier. We just waited for them to complete the process and then began using the solution.

What other advice do I have?

The solution is the most popular open software scanning tool. I rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Project Manager at TRIVIUM ESOLUTIONS PRIVATE LIMITED
Real User
A stable and scalable solution but priced higher than competitors
Pros and Cons
  • "The solution is stable."
  • "The product's pricing is higher compared to other competitor products."

What needs improvement?

The product's pricing is higher compared to other competitor products. 

For how long have I used the solution?

I have been using the product for a year. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The tool is scalable. 

What other advice do I have?

I would rate the product a nine out of ten. We mostly have enterprise customers for the solution. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Software Composition Analysis (SCA) Report and find out what your peers are saying about Synopsys, Mend.io, Snyk, and more!
Updated: April 2023