I will recommend the product to others. It has in-built use cases for different verticals of the industry. Overall, I rate the tool a seven out of ten.
Engineer at a manufacturing company with 10,001+ employees
Real User
2021-08-06T14:11:22Z
Aug 6, 2021
We are a customer and an end-user. We are using Black Duck Hub. I'd rate the solution at an eight out of ten. We're mostly quite happy with the capabilities. Black Duck is a good, but not an inexpensive tool. If others want stability or a well-respected tool, I would recommend it.
CTO at a computer software company with 11-50 employees
Real User
2020-12-15T15:36:41Z
Dec 15, 2020
I would advise others to be careful with the provisioning of the space that you need. Black Duck has been the key player in the market for many years. It is totally in conjunction with Coverity and forms a suite of security and quality. It is frequently used in M&A or mergers and acquisition cases. It is the top product in the market. I would rate Black Duck a nine out of ten.
Former SVP at a manufacturing company with 5,001-10,000 employees
Real User
2020-09-27T04:10:02Z
Sep 27, 2020
We're just a customer. We don't have a business relationship with Black Duck. I'm not sure how the solution is deployed within our organization (whether it's cloud or on-premises). We've had to migrate our current Hub to Black Duck Hub, which is not efficient for the identification process. We do projects. Due to our identification process, it's not as accurate as we'd like. Overall, I'd rate the solution six out of ten.
As we are using an older version, and have not yet completed a PoC with the most recent one, I am not sure whether there are newer features that we need or will use. Things that we would like to see may have already been implemented. I would rate this solution a six out of ten.
The setup is on-premises but the knowledge base is through the cloud. As mentioned, it's a hybrid solution. The main difference between Black Duck and other solutions is the way the software identifies the open source. If it's being used out of the box and there's no need for any changes or modification or integration, probably a software based on SHA-1 would be good enough. If the company's customizing its software based on a customer's requirements, changes will be needed. Software that works on a single match point probably will miss that. And that's the advantage of Black Duck. I would rate this product an eight out of 10.
Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
Reseller
2019-05-28T07:49:00Z
May 28, 2019
This is a good solution. My advice to anybody interested in implementing it is to be clear in their mind whether they want to go on a user-based model, or they want to do a code-based model. It can get tricky if your development team is growing rapidly. Maybe you started off with five developers and then the next year you are growing to ten. Then, in another year, there are fourteen or twenty. As you grow, a user-based model may not work for you so you might consider going with the code-based model. However, if you are working on multiple projects then you may consider the user-based model, as long as your headcount is relatively stable. Overall, the deployment is straightforward, uploading code is straightforward, analysis is straightforward, but with integration then it may be slightly lacking. I would rate this solution a nine out of ten.
Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.
I recommend Black Duck to those who plan to use it. I rate the overall product a seven out of ten.
I rate the product an eight out of ten.
I would rate the product a nine out of ten. We mostly have enterprise customers for the solution.
The solution is the most popular open software scanning tool. I rate the solution an eight out of ten.
I rate Black Duck a nine out of ten.
I would rate it a seven out of ten.
I would rate Black Duck an eight out of ten.
This is a product that I would recommend to others. I would rate Black Duck an eight out of ten.