No more typing reviews! Try our Samantha, our new voice AI agent.

Black Duck SCA vs SentinelOne Singularity Endpoint comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
3.6
Black Duck improved efficiency by identifying vulnerabilities early, saving time, streamlining audits, reducing manual effort, and enhancing code security.
Sentiment score
6.2
SentinelOne Singularity Endpoint boosts efficiency and security while reducing costs by automating threat management and consolidating tools.
If you're using it on critical external programs where there is regulatory compliance on ensuring that the source code is clean from open-source, there's substantial ROI.
IP Head at a tech services company with 10,001+ employees
SentinelOne Singularity Complete has helped reduce my organization's mean time to detect by fifty percent.
Director, Infrastructure & Security at Dreamscape Companies
If I engage five engineers for this project and implement SentinelOne, then only one resource is needed to manage the dashboard and criticality alerts.
Business Head at Ivalue Infosolution
In comparison, other EDRs such as Microsoft Defender are quite resource-hungry, and employees often complain about laptop speed, but we do not face those issues.
Cybersecurity Product Manager at a tech services company with 51-200 employees
 

Customer Service

Sentiment score
5.1
Black Duck SCA's support is praised for expertise but criticized for inconsistency and delays, with calls for process improvements.
Sentiment score
7.4
SentinelOne Singularity Endpoint's customer service is efficient and responsive, with users frequently appreciating the quick and effective support.
There are some pain points with the response time and first-level support quality.
Director at a healthcare company with 10,001+ employees
If we get stuck at midnight, any other TAC team will be in GMT or Europe or America, and they will assign our support engineer and suddenly schedule a call for us and resolve the issue.
Soc Analyst at Softcell Technologies Limited
For the support team of SentinelOne Singularity Endpoint, I would rate them nine out of ten because there is a human voice there, so they are listening and responsive.
Mdr Analyst at Softcell Technologies
Most of the time, we are not aware of how to resolve those questions, and SentinelOne Singularity Endpoint's customer support helps us significantly with a prompt response.
SOC Analyst at Softcell Technologies
 

Scalability Issues

Sentiment score
6.6
Black Duck SCA is highly rated for scalability, supporting diverse environments, but its cost may limit smaller companies.
Sentiment score
7.8
SentinelOne Singularity Endpoint scales efficiently, offering seamless deployment, flexible cloud-native management, and minimal performance impact across diverse organizational environments.
I would rate the scalability of Black Duck 8 or 9.
IP Head at a tech services company with 10,001+ employees
The system can scale any number of times, and only the license for each endpoint is needed.
Mdr Analyst at Softcell Technologies
I would say ten out of ten for the scalability of SentinelOne Singularity Endpoint because we can scale up and scale down as per requirement.
Security Analyst at a media company with 501-1,000 employees
The cloud-based management model makes it easier to onboard, manage, and monitor large numbers of endpoints without needing additional backend infrastructure.
Cybersecurity Engineer at a tech services company with 51-200 employees
 

Stability Issues

Sentiment score
7.9
Black Duck SCA is reported as stable and reliable, with occasional delays and standard maintenance requirements noted by users.
Sentiment score
8.0
SentinelOne Singularity Endpoint is highly reliable, stable, and performs well with minimal downtime, addressing issues through effective updates.
If I have to rate the stability level of Singularity Platform from one to ten, I would say it would be a strong nine.
Information Security Officer at a tech vendor with 51-200 employees
The automation helps a lot, and once implemented, we face no further issues regarding stability or scalability; everything works absolutely fine.
Associate Vice President at Novac Technology Solutions
Even if the agent disconnects from our console, it will still protect the desktop or laptop.
Soc Analyst at Softcell Technologies Limited
 

Room For Improvement

Black Duck SCA needs an intuitive interface, better documentation, faster scans, enhanced integration, and improved cost-effectiveness and support.
SentinelOne needs an improved dashboard, better reporting, streamlined upgrades, reduced false positives, and enhanced integration, UI, and threat insights.
It can improve on the security side of it, specifically vulnerabilities identification.
IP Head at a tech services company with 10,001+ employees
The documentation is not really on the mark.
Project Lead at ABB
There are areas for improvement such as false positives and the scanning of containers.
Director at a healthcare company with 10,001+ employees
The only thing that prevented the attack from succeeding was a free version of Malwarebytes.
Director, Information Technology at Premier Realty Group
When I find a log suspicious, if it automatically points out that a particular point in the log at a specific timing or frame is looking malicious, it would be easier for me.
Cyber Security Trainee at DataSpace Academy
SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution.
Soc Analyst at Softcell Technologies Limited
 

Setup Cost

Black Duck SCA pricing is flexible but can be costly, with options based on user count or code size.
SentinelOne Singularity Endpoint is cost-effective for enterprises, ranging $6-$12 per endpoint monthly, pricier for smaller businesses.
If you want protection, you have to pay the price.
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
There are other products that are less expensive, but I tell my clients that in security, they cannot cut corners or look for the cheapest solution.
President at a tech services company with 1-10 employees
Reputation and quality are important, but especially in today’s economy, price is a significant factor.
Security and Compliance at a outsourcing company with 1,001-5,000 employees
 

Valuable Features

Black Duck SCA offers robust vulnerability scanning, seamless integration, efficient compliance management, and enhances security with dependency mapping.
SentinelOne Singularity Endpoint offers AI-driven detection, autonomous responses, and seamless integration, enhancing security while reducing alerts and simplifying management.
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Director at a healthcare company with 10,001+ employees
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
IP Head at a tech services company with 10,001+ employees
If that component has a vulnerability from any of the sources, it should be considered and shown regardless of whether it is vulnerable from different sources.
Project Lead at ABB
I have an advanced app providing visibility of all my endpoints, which was not the case before.
AGM IT Security at Page Industries Ltd
SentinelOne has a feature to decommission automatically, which has been fantastic.
Computer Technician at VILLE DE POINTE-CLAIRE
There's also automation that gives my team free time, preventing them from having to look for every alert.
Network & Security Section Head/Digital Transformation at a government with 201-500 employees
 

Categories and Ranking

Black Duck SCA
Average Rating
7.6
Reviews Sentiment
6.2
Number of Reviews
23
Ranking in other categories
Software Composition Analysis (SCA) (3rd)
SentinelOne Singularity End...
Average Rating
8.8
Reviews Sentiment
7.1
Number of Reviews
262
Ranking in other categories
Endpoint Protection Platform (EPP) (3rd), Anti-Malware Tools (2nd), Endpoint Detection and Response (EDR) (2nd), Extended Detection and Response (XDR) (2nd), AI-Powered Cybersecurity Platforms (3rd), AI Observability (2nd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Black Duck SCA is designed for Software Composition Analysis (SCA) and holds a mindshare of 9.1%, down 17.6% compared to last year.
SentinelOne Singularity Endpoint, on the other hand, focuses on Endpoint Detection and Response (EDR), holds 5.3% mindshare, down 5.6% since last year.
Software Composition Analysis (SCA) Mindshare Distribution
ProductMindshare (%)
Black Duck SCA9.1%
Snyk11.1%
Veracode5.9%
Other73.9%
Software Composition Analysis (SCA)
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
SentinelOne Singularity Endpoint5.3%
CrowdStrike Falcon7.4%
Microsoft Defender for Endpoint5.7%
Other81.6%
Endpoint Detection and Response (EDR)
 

Featured Reviews

SS
Project Lead at ABB
Compliance checks have improved while vulnerability coverage and SBOM accuracy still need work
I think Black Duck SCA needs to improve on the overall approach. I assume that the people who developed Black Duck SCA believe that users will use this tool for some time in a full-fledged way with all those features. However, the way it really works with product development or in a software development life cycle is that this is just one of the steps for checking whether something is license compliant, whether it has vulnerabilities, or whether the SBOM is generated. It is just one of those steps in the software development process. The expectation from the tool's perspective is that users have to go into the Black Duck SCA portal, look at each of those items, and if something is not correct, try to find it out and update or configure the right CPEs or PURLs or those kinds of things. In reality, most users would not have time for this because they would have done this as part of the build and would generate an SBOM as part of the build. The tool should be quite usable. If a feature works properly and correctly, then nobody will go back and try to spend time on that. For example, if I generate an SBOM and that SBOM has a particular CPE and there are multiple sources, the tool should produce those CPEs with vulnerabilities, put them into the SBOM, and allow me to move forward. If there are more bugs or more configuration requirements, the usage will come down. It is like a mobile application: if there is too much data that needs to be looked at, configured, and used, then the number of users would come down. The tool should be fast, usable, and accurate. Users should just be able to use it without needing to learn too much. The learning curve should be less when using a tool, and the usage should be easy with basic understanding. They should not need to go through complex processes and can assume that whatever data is given is correct. That is where the whole problem with Black Duck SCA lies. The documentation is not really on the mark. For example, if there is a functionality, such as wanting to see a CPE, the documentation should show how to get this via API or see it and how to configure that with examples. Most of the time the tool says it is all in the community, which is not ideal. The community is different from a conceptual view. The community is for bugs and issues that users want to report. However, people who are looking at the tool fresh and need to see functionality such as scan configuration need clear documentation. If I want to see the scan configurations and how to do it, there are videos, but there should be clear documentation with examples, such as how to configure for Docker using specific commands and methods. This example could be clear documentation and should not be redirected to the community every time. If there is a problem or those kinds of issues, they should go to the community and solutions will be found. However, for basic documentation on features being provided, I do not see that kind of clear documentation with clear examples.
Vaibhav Mahendra Kolhe - PeerSpot reviewer
Soc Analyst at Softcell Technologies Limited
Automation has reduced alerts and freed the soc team to focus on faster incident response
Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them. Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.
report
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
903,807 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
16%
Computer Software Company
11%
University
5%
Computer Software Company
10%
Manufacturing Company
9%
Financial Services Firm
8%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Large Enterprise17
By reviewers
Company SizeCount
Small Business125
Midsize Enterprise69
Large Enterprise88
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What needs improvement with Black Duck?
I think Black Duck SCA needs to improve on the overall approach. I assume that the people who developed Black Duck SCA believe that users will use this tool for some time in a full-fledged way with...
What is your primary use case for Black Duck?
The primary use cases are compliance and scanning in terms of license compliance and trying to identify snippets, particularly if there are any snippets being identified that are coming from open s...
Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
What is your experience regarding pricing and costs for SentinelOne Singularity?
It is neither too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the pricing.
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Sentinel Labs, SentinelOne Singularity, Singularity Platform
 

Overview

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
Find out what your peers are saying about Veracode, Snyk, Black Duck and others in Software Composition Analysis (SCA). Updated: June 2026.
903,807 professionals have used our research since 2012.