Black Duck Room for Improvement
CTO at a computer software company with 11-50 employees
It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code.
It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.
Former SVP at a manufacturing company with 5,001-10,000 employees
The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There are also no time stamps. Everything needs to be reviewed. It takes double the time to identify things. Features just don't come up in the Hub.
We'd like to be able to authenticate through our two companies.
We're not too sure about the extension of the firewall. It never shows up in the Hub.
The Hub doesn't like that we have binary sides, so, once again, we need to check everything, meaning we get double the work.
The scanning aspect of the resolution needs to be improved. Right now, as it is, it's not okay.
It would be ideal if the solution offered features to add one or more components to a file.
Project Lead at a manufacturing company with 10,001+ employees
The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With everything in one folder, it starts to scan. As we are using Code Center, we need to ensure that all of the components are there. However, there are thousands of components and for each submission, the components have to be there. There are no bulk submissions or bulk transfers. Essentially, you need to write your own scripts with the APIs to do it more efficiently.
It needs to be more user-friendly for developers and in general, to ensure compliance. The scanning should be quick and easy to use, rather than complex.
The pricing for this solution should definitely be lower.
We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck. I feel that it is just a matter of time and it should be fine.
Engineer at a manufacturing company with 10,001+ employees
With our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.
The initial setup could be simplified. It was somewhat complex.
In the next release, I would like to see packet analysis and binary analysis included as features.