The product teams use them under supervision from the security department. I'm not extremely familiar with the details of how the product teams are using it, but I think they have integrated it into their development life cycle. This is governed and managed from a technical and operational perspective by the security department. Opinions are split between people who find it useful, but it's also pretty complex. That's why, when we're contemplating moving towards Snyk, it is because it's more developer-oriented than Black Duck. It's a tad more complex to integrate and to use. This is some of the feedback I heard about.
Software Composition Analysis (SCA) solutions enable organizations to identify, analyze, and manage open-source components within their software projects, ensuring compliance and reducing security risks. SCA tools are designed to detect vulnerable dependencies and licensing issues in open-source libraries. By providing detailed reports on the state of components within a software project, these tools help organizations improve their security posture and ensure license compliance. SCA...