Black Duck vs ShiftLeft comparison

Black Duck
Read 19 Black Duck reviews
  • 14,236 Views
  • 9,573 Comparison Views
82% willing to recommend
ShiftLeft
Read 1 ShiftLeft review
  • 150 Views
  • 114 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Black Duck and ShiftLeft based on real PeerSpot user reviews.

Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Software Composition Analysis (SCA) Report (Updated: June 2024).
Buyer's Guide
Software Composition Analysis (SCA)
June 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.8
Number of Reviews
19
Ranking in other categories
No ranking in other categories
ShiftLeft
Ranking in Software Composition Analysis (SCA)
10th
Average Rating
10.0
Number of Reviews
1
Ranking in other categories
Application Security Tools (26th), Static Application Security Testing (SAST) (18th)
 

Mindshare comparison

As of July 2024, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 26.0%, down from 27.9% compared to the previous year. The mindshare of ShiftLeft is 0.4%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
Unique Categories:
No other categories found
Application Security Tools
0.1%
Static Application Security Testing (SAST)
0.1%
 

Featured Reviews

Sagar Mody - PeerSpot reviewer
Apr 12, 2024
Effectively flags operational vulnerabilities and recommendations for fixes are very helpful
It's still a bit inconsistent. For example, sometimes a scan might reveal components or vulnerabilities, and the next day they might not show up. There's a lack of consistency at times. Of course, this could sometimes be due to new vulnerabilities being identified in the public domain after a scan. So, consistent inputs and more streamlined dependency management are needed. It doesn’t clearly show whether vulnerabilities are from direct or transitive dependencies. A clear classification between direct and indirect vulnerabilities is crucial. If I'm looking to improve my product, I need to know out of 'x' vulnerabilities, how many are direct dependencies. With direct dependencies, I can take action, like replacing a component. But with transitive dependencies, we are helpless at times. Often, we have to raise exceptions and work around them. A clear classification between direct and indirect dependencies is something I'd like to see improved.
Read full review
SS
Jun 27, 2023
Effectively in identify and fix bugs early in the development lifecycle
When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness. Previously, security professionals had to spend a lot of time and effort running around, asking people to fix issues in their products, architectures, code, and even networks. With ShiftLeft, everything becomes robust and secure from within. Instead of relying on external measures like Web Application Firewalls (WAF) that are applied from the outside in, ShiftLeft takes a proactive approach. It helps prevent issues from arising in the first place, making it much easier for both security teams and developers. It's also cost-effective because you don't have to constantly go back, make changes to the code, and then push it again. Writing secure code from the start ensures that there are no vulnerabilities when it goes live. So, I would say the main features of ShiftLeft are its cost-effectiveness and ease of adaptability or use.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product enables other applications to be secure."
"It is able to drill down to the source level."
"The solution is stable."
"I like the fact that the product auto analyzes components."
"We accidentally use third-party library APIs, which may not be secure. Our technical team may not have the end time or expertise to figure it out. Black Duck helps us with that and saves us time."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"The cloud option of the product is always available and a positive aspect of the solution."
More Black Duck pros
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
 

Cons

"The scanner client is limited by the size of software it can handle."
"The tool needs to improve its pricing. Its configuration is complex and can be improved."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."
"I would like to see improvements in Black Duck's reporting capabilities."
"The solution must provide more open APIs."
"The documentation is quite scattered."
More Black Duck cons
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
 

Pricing and Cost Advice

"The price is low. It's not an expensive solution."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"The price charged by Black Duck is exorbitant."
"The pricing is a little high."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"It is expensive."
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Manufacturing Company
16%
Computer Software Company
15%
Healthcare Company
5%
Financial Services Firm
16%
Retailer
12%
Computer Software Company
11%
Legal Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
See all answers
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
See all answers
What do you like most about ShiftLeft?
When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness.
See all answers
What needs improvement with ShiftLeft?
When it comes to areas of improvement for ShiftLeft, I believe it could benefit from greater support from senior management. It's important to have their involvement when it comes to architectural ...
See all answers
What advice do you have for others considering ShiftLeft?
I would highly recommend ShiftLeft. It greatly simplifies the job for both security professionals and developers. By identifying and fixing bugs earlier in the development lifecycle, it significant...
See all answers
 

Comparisons

Snyk vs Black Duck Logo
Snyk vs Black Duck
Compared 23% of the time
Fortify Static Code Analyzer vs Black Duck Logo
Fortify Static Code Analyzer vs Black Duck
Compared 19% of the time
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Compared 12% of the time
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
Compared 9% of the time
CAST Highlight vs Black Duck Logo
CAST Highlight vs Black Duck
Compared 1% of the time
More Black Duck Competitors
SonarQube vs ShiftLeft Logo
SonarQube vs ShiftLeft
Compared 47% of the time
More ShiftLeft Competitors
 

Product Reports

Buyer's Guide
Black Duck
July 2024
Black Duck reportDownload Black Duck product report
Buyer's Guide
Application Security Tools
July 2024
ShiftLeft reportDownload ShiftLeft product report
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
No data available
 

Learn More

Synopsys
ShiftLeft
 

Overview

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Shipping secure code is painful and time-consuming – slowing down development teams and AppSec teams alike. ShiftLeft is on a mission to make vulnerabilities history. Our revolutionary Code Property Graph (CPG) enables us to seamlessly insert 10x faster code analysis, prioritized OSS vulnerability findings and real-time security education in one single SaaS platform integrated directly into modern development workflows. Combining our OWASP-benchmark dominating NG-SAST, Intelligent SCA, instant secrets detection, and contextual security education, ShiftLeft CORE code security platform turns every developer into an AppSec expert.

 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
Information Not Available
Buyer's Guide
Software Composition Analysis (SCA)
June 2024
Download Free Report
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA). Updated: June 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.