Black Duck vs ReversingLabs comparison

Black Duck and ReversingLabs are both solutions in the Software Composition Analysis (SCA) category. Black Duck is ranked #1 with an average rating of 7.3, while ReversingLabs is ranked #11 with an average rating of 10.0. Black Duck holds a 17.8% mindshare in SCA, compared to ReversingLabs’s 0.8% mindshare. Additionally, 85% of Black Duck users are willing to recommend the solution, compared to 100% of ReversingLabs users who would recommend it.

Black Duck

Read 22 Black Duck reviews

12,123 Views
9,941 Comparison Views

85% willing to recommend

ReversingLabs

Read 4 ReversingLabs reviews

1,589 Views
318 Comparison Views

100% willing to recommend

Black Duck

ReversingLabs

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Nov 5, 2024

Black Duck and ReversingLabs compete in the software security sector. Black Duck focuses on open source security, while ReversingLabs emphasizes malware analysis and file security. Black Duck's ease of deployment and support might sway businesses towards it, though ReversingLabs offers a more robust feature set for comprehensive file analysis, appealing to companies that prioritize extensive threat intelligence.

Features: Black Duck includes comprehensive open source monitoring, vulnerability identification, and license management tools. ReversingLabs provides in-depth file analysis, threat intelligence, and static malware analysis with seamless SIEM integration.

Room for Improvement: Black Duck could enhance its automatic analysis accuracy and expand its functionality beyond open source concerns. Improved integration with other security tools could also be beneficial. ReversingLabs needs a more user-friendly interface and simplified deployment process. Full documentation access for complex features would aid usability.

Ease of Deployment and Customer Service: Black Duck's straightforward deployment and robust support make setting up and running hassle-free. While ReversingLabs provides strong service, its deployment requires specialized skills, potentially complicating initial use.

Pricing and ROI: Black Duck offers lower setup costs and strong ROI in open source management, making it attractive for budget-conscious companies. ReversingLabs, despite higher costs, provides value with its advanced file security and threat detection, justifying investment for organizations needing comprehensive analysis capabilities.

To learn more, read our detailed Black Duck vs. ReversingLabs Report (Updated: July 2025).

Buyer's Guide

Black Duck vs. ReversingLabs

July 2025

Download the complete report

Helped 866,088 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Black Duck

Ranking in Software Composition Analysis (SCA)

1st

Average Rating

7.6

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

ReversingLabs

Ranking in Software Composition Analysis (SCA)

11th

Average Rating

9.2

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Application Security Tools (21st), Anti-Malware Tools (18th), Container Security (31st), Threat Intelligence Platforms (14th), Software Supply Chain Security (12th)

Mindshare comparison

As of August 2025, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 17.8%, down from 22.5% compared to the previous year. The mindshare of ReversingLabs is 0.8%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Software Composition Analysis (SCA) Market Share Distribution
Product	Market Share (%)
Black Duck	17.8%
ReversingLabs	0.8%
Other	81.4%

Software Composition Analysis (SCA)

Featured Reviews

Aaron P

DevOps Engineer at a manufacturing company with 1,001-5,000 employees

A tool with a great UI to conduct a vulnerability scan that needs to provide better scalability options

The only thing I don't like about the product is that it is quite expensive and it is not very feasible as an open-source platform. One of the other things that I hate about the product stems from my dislike of contacting the support team of Black Duck to know if there are some issues since debugging some issues can be quite difficult. I don't find reliable or feasible documents to help me debug all those issues. The solution's pricing model and documentation areas of concern where improvement is needed. In our company, we get some issues or errors when we run a pipeline, and debugging those errors can be tedious and time-consuming. To minimize the time for debugging errors, I feel that Black Duck needs to add some documentation or something that will make it easy for users to debug the errors instead of seeking help from Black Duck's support team every time. Black Duck can add features, like viewing the vulnerability, to help users figure out the next step if they detect some vulnerability while also providing them some steps to help them follow some remedial steps, along with an explanation of measures to mitigate such issues. Black Duck's UI or server doesn't provide functionality to help users view the vulnerability, which is a process that needs to be automated. The solution's scalability is an area that needs to improve.

Read full review

Jesse Harris

Principal Solutions Architect at Tanium

Comes with a large sample size and helps t stay on top of emerging threats

The solution helps to stay on top of emerging threats with easy integration with other products. ReversingLabs has a large sample size. The solution needs to improve integrations. I have been using the solution for four to five years. ReversingLabs' stability is excellent. I rate the…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It is able to drill down to the source level."

"I like the fact that the product auto analyzes components."

"The stability is okay."

"The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management."

"The solution is stable."

"The cloud option of the product is always available and a positive aspect of the solution."

"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."

"The product enables other applications to be secure."

More Black Duck pros

"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."

"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."

"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."

"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."

"ReversingLabs has a large sample size."

Cons

"It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports."

"There are areas for improvement such as false positives and the scanning of containers."

"The solution's pricing model and documentation areas of concern where improvement is needed."

"It needs to be more user-friendly for developers and in general, to ensure compliance."

"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."

"The tool needs to improve its pricing. Its configuration is complex and can be improved."

"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."

"The product's pricing is higher compared to other competitor products."

More Black Duck cons

"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."

"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."

"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."

"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."

"The solution needs to improve integrations."

Pricing and Cost Advice

"The price is quite high because the behavior of the software during the scan is similar to competing products."

"It is expensive."

"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."

"The price charged by Black Duck is exorbitant."

"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."

"The pricing is a little high."

"The price is low. It's not an expensive solution."

"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."

"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."

"We have a yearly contract based on the number of queries and malicious programs which can be processed."

See which vendors are best for you

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See recommendations

866,088 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

18%

Manufacturing Company

15%

Computer Software Company

13%

Insurance Company

Computer Software Company

16%

Financial Services Firm

13%

Insurance Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	6
Large Enterprise	16

No data available

Questions from the Community

How does WhiteSource compare with Black Duck?

We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...

See all answers

What do you like most about Black Duck?

The cloud option of the product is always available and a positive aspect of the solution.

See all answers

What is your experience regarding pricing and costs for Black Duck?

The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...

See all answers

What do you like most about ReversingLabs?

ReversingLabs has a large sample size.

See all answers

What needs improvement with ReversingLabs?

The solution needs to improve integrations.

See all answers

What advice do you have for others considering ReversingLabs?

I rate the product a ten out of ten.

See all answers

Comparisons

OpenText Static Application Security Testing vs Black Duck

Compared 17% of the time

JFrog Xray vs Black Duck

Compared 15% of the time

Snyk vs Black Duck

Compared 11% of the time

Mend.io vs Black Duck

Compared 9% of the time

Sonatype Lifecycle vs Black Duck

Compared 7% of the time

More Black Duck Competitors

VirusTotal vs ReversingLabs

Compared 23% of the time

JFrog Xray vs ReversingLabs

Compared 12% of the time

OPSWAT Filescan Sandbox vs ReversingLabs

Compared 9% of the time

CrowdStrike Falcon vs ReversingLabs

Compared 8% of the time

Snyk vs ReversingLabs

Compared 8% of the time

More ReversingLabs Competitors

Product Reports

Buyer's Guide

Black Duck

August 2025

Download Black Duck product report

Buyer's Guide

ReversingLabs

August 2025

Download ReversingLabs product report

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker

ReversingLabs Titanium, ReversingLabs secure.software

Overview

Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.

Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis, effective vulnerability scanning, and a comprehensive knowledge base are some of its valuable features. Despite needing improvements in scanning speed, UI, and documentation, Black Duck remains crucial for ensuring open-source security and compliance.

What are Black Duck's most important features?

Automatic Component Analysis: Provides automatic identification and analysis of open-source components.
Effective Vulnerability Scanning: Scans for vulnerabilities in both source code and binary files.
Comprehensive Knowledge Base: Offers expansive information on open-source components.
Policy Management: Enables the creation and enforcement of security and compliance policies.
Binary File Scanning: Capable of scanning binary files for in-depth security checks.
Ease of Use: Demonstrates ease of use, particularly on Mac products.
Stability: Known for its stable performance.
Docker Integration: Smooth integration with Docker for enhanced deployment.
Open-source Evaluation: Excellent evaluation capabilities for open-source software.
License Management: Manages open-source licenses effectively.
Easy Installation: Simple installation process.
Secure Onboarding: Ensures secure application onboarding.
API Availability: Provides APIs for custom integrations.
Community Support: Backed by an active community.
Dependency Tree Visualization: Visualizes dependencies for better management.

What benefits or ROI should users look for in reviews?

Improved Compliance: Helps maintain compliance with legal and regulatory requirements.
Risk Mitigation: Reduces risks associated with open-source vulnerabilities.
Enhanced Security: Strengthens software security by identifying and addressing potential issues early.
Time-saving: Automates many aspects of vulnerability scanning and analysis, saving valuable time.
Cost Efficiency: Detects issues early, potentially saving costs related to compliance breaches and security incidents.
Integration Ease: Seamlessly integrates with existing CI/CD pipelines and DevSecOps practices.
Knowledge Resource: Access to comprehensive information aiding better decision-making.

Black Duck is implemented by industries ranging from finance to healthcare, addressing security and compliance in open-source usage. Financial institutions employ it to manage license risks and ensure audit readiness. Healthcare organizations use it to comply with stringent data protection regulations, ensuring patient data security and privacy. Tech companies integrate Black Duck within CI/CD pipelines to maintain the security and compliance of software products before release. Its deployment varies, tailored to meet the specific risk management and compliance needs dictated by each sector's regulatory environment.

Black Duck

ReversingLabs is the trusted authority in software and file security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, the ReversingLabs Titanium Platform® powers the software supply chain and file security insights, tracking over 35 billion files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.

RL - Trust Delivered.

https://www.reversinglabs.com

ReversingLabs

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace

Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology

Buyer's Guide

Black Duck vs. ReversingLabs

July 2025

Free Report: Black Duck vs. ReversingLabs

Find out what your peers are saying about Black Duck vs. ReversingLabs and other solutions. Updated: July 2025.

DOWNLOAD NOW

866,088 professionals have used our research since 2012.

See our Black Duck vs. ReversingLabs report.

See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.