Find out what your peers are saying about Black Duck, Snyk, Veracode and others in Software Composition Analysis (SCA).
If you're using it on critical external programs where there is regulatory compliance on ensuring that the source code is clean from open-source, there's substantial ROI.
There are some pain points with the response time and first-level support quality.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
The technical support has been good because we always received answers to our questions.
I would rate the scalability of Black Duck 8 or 9.
Fortify Static Code Analyzer integrates well and is scalable.
The stability of Fortify Static Code Analyzer is generally good.
I would rate the product stability as an eight.
It can improve on the security side of it, specifically vulnerabilities identification.
There are areas for improvement such as false positives and the scanning of containers.
Black Duck does not have the SBOM management part.
We would appreciate if the AI could give us more information about improvements and reduce the number of false positives, but this solution doesn't have this function yet.
It would be really helpful to include trending vulnerabilities and how to manage them.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
The software composition analysis is most effective for security risk management.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
Product | Market Share (%) |
---|---|
Black Duck | 16.7% |
Snyk | 13.1% |
JFrog Xray | 10.1% |
Other | 60.1% |
Product | Market Share (%) |
---|---|
OpenText Static Application Security Testing | 10.1% |
Veracode | 22.1% |
Checkmarx One | 14.6% |
Other | 53.199999999999996% |
Company Size | Count |
---|---|
Small Business | 6 |
Large Enterprise | 16 |
Company Size | Count |
---|---|
Small Business | 4 |
Midsize Enterprise | 3 |
Large Enterprise | 11 |
Black Duck is an essential tool for software composition analysis and license compliance. It identifies vulnerabilities effectively and supports security management in DevOps environments, offering integration, performance stability, and community support.
Organizations rely on Black Duck for seamless integration in CI/CD pipelines, thorough scanning of source and binary codes, and management of operational risks associated with open-source and commercial licenses. It plays a crucial role in security risk management and delivers a robust policy management framework. Users value its ease of use and reliable community support while benefiting from its comprehensive dependency visualization capabilities. Despite its strengths, there is room for enhancement in integration with other tools, UI friendliness, and reporting features.
What are Black Duck's key features?Enterprise environments use Black Duck extensively for security, compliance, and risk management, ensuring software meets regulatory standards and mitigates vulnerabilities. Its implementation in specific industries aids in controlled and secure software development processes, underlining its role in maintaining rigorous security standards while delivering dependable performance.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.