2019-05-28T07:49:00Z

What needs improvement with Black Duck?

Miriam Tover - PeerSpot reviewer
  • 0
  • 146
PeerSpot user
14

14 Answers

Aaron  P - PeerSpot reviewer
Real User
Top 5
2023-09-15T03:20:31Z
Sep 15, 2023

The only thing I don't like about the product is that it is quite expensive and it is not very feasible as an open-source platform. One of the other things that I hate about the product stems from my dislike of contacting the support team of Black Duck to know if there are some issues since debugging some issues can be quite difficult. I don't find reliable or feasible documents to help me debug all those issues. The solution's pricing model and documentation areas of concern where improvement is needed. In our company, we get some issues or errors when we run a pipeline, and debugging those errors can be tedious and time-consuming. To minimize the time for debugging errors, I feel that Black Duck needs to add some documentation or something that will make it easy for users to debug the errors instead of seeking help from Black Duck's support team every time. Black Duck can add features, like viewing the vulnerability, to help users figure out the next step if they detect some vulnerability while also providing them some steps to help them follow some remedial steps, along with an explanation of measures to mitigate such issues. Black Duck's UI or server doesn't provide functionality to help users view the vulnerability, which is a process that needs to be automated. The solution's scalability is an area that needs to improve.

Search for a product comparison
VM
Real User
Top 20
2023-08-22T08:18:26Z
Aug 22, 2023

The tool needs to improve its pricing. Its configuration is complex and can be improved.

SS
Real User
2023-05-10T05:55:00Z
May 10, 2023

The product's pricing is higher compared to other competitor products.

ZR
Real User
Top 20
2023-02-13T20:14:14Z
Feb 13, 2023

It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations and ensure compliance. Sometimes the solution produces incorrect or ambiguous results so that needs improvement to ensure there are no misunderstandings.

Tarun-Sharma - PeerSpot reviewer
Real User
Top 20
2022-06-08T15:39:40Z
Jun 8, 2022

Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster.

SK
Real User
Top 20
2022-05-03T10:43:51Z
May 3, 2022

We expect a lot more features. They have to improve it a lot in terms of the way they do the analysis. At the analysis level, more depth is required. They are giving a lot of APIs and Python scripts for certain functionalities, but instead of using APIs and Python scripts, they should provide these functionalities through the UI. Users should be able to customize and add more fields through the UI. Users should be able to add more fields and generate reports. Currently, they are not giving flexibility in the UI. They're providing a script that simply generates an Excel file or CSV file. There is no flexibility.

Find out what your peers are saying about Synopsys, Mend.io, Snyk and others in Software Composition Analysis (SCA). Updated: March 2024.
765,234 professionals have used our research since 2012.
JR
Real User
2021-08-26T09:43:15Z
Aug 26, 2021

We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck. I feel that it is just a matter of time and it should be fine.

MC
Real User
2021-08-06T14:11:22Z
Aug 6, 2021

Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.

CV
Real User
2020-12-15T15:36:41Z
Dec 15, 2020

It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.

RS
Real User
2020-12-07T19:42:53Z
Dec 7, 2020

The initial setup could be simplified. It was somewhat complex. In the next release, I would like to see packet analysis and binary analysis included as features.

SK
Real User
2020-09-27T04:10:02Z
Sep 27, 2020

The solution requires us to manually identify codes and other forms of identification, and this takes up a lot of time. The patterns the solution uses for identification need to be constantly reviewed by our team. There's also no time stamps. Everything needs to be reviewed. It takes double the time to identify things. Features just don't come up in the Hub. We'd like to be able to authenticate through our two companies. We're not too sure about the extension of the firewall. It never shows up in the Hub. The Hub doesn't like that we have binary sides, so, once again, we need to check everything, meaning we get double the work. The scanning aspect of the resolution needs to be improved. Right now, as it is, it's not okay. It would be ideal if the solution offered features to add one or more components to a file.

SK
Real User
Top 20
2020-06-07T09:08:59Z
Jun 7, 2020

The older version that we are using is very primitive. You have to do every step, right from setting up an application to the user. The code has to sit in a particular folder and all of the open-source dependencies have to be there. With everything in one folder, it starts to scan. As we are using Code Center, we need to ensure that all of the components are there. However, there are thousands of components and for each submission, the components have to be there. There are no bulk submissions or bulk transfers. Essentially, you need to write your own scripts with the APIs to do it more efficiently. It needs to be more user-friendly for developers and in general, to ensure compliance. The scanning should be quick and easy to use, rather than complex. The pricing for this solution should definitely be lower.

ZR
Real User
2020-01-15T08:04:00Z
Jan 15, 2020

In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is separated into sub-scans. If you want the status on a certain scan, you can't get it automatically and it can sometimes take a couple of hours. If you want to attach the scan into a CI process and then get an actual result it cannot provide an accurate status. We are running a Proscan developed in-house and this manipulates the result. It doesn't change the result but it adds some attributes to it. For instance, it gets an alter source and it gives you a link for the domain where you can read more about it. Or if the GUI suggests the conversion, and provides an excel report, you do not really need to go to the GUI, it can be accessed by email after the scan. These attributes and manipulations are done by the API developed in-house for the GUI. For additional features, I'd like to be able to see SQL on demand, side by side. I'd like to be able to change a room with managed components inside the project, and still have it affect other projects. There is currently no internal database for manual changes which would be a good addition. Also, it would be helpful to include isolation of parts from the doctor image, for instance.

TO
Reseller
2019-05-28T07:49:00Z
May 28, 2019

I would like to see more integration with other solutions, such as IntelliJ IDEA.

Software Composition Analysis (SCA)
Software Composition Analysis (SCA) is a crucial process that helps organizations identify, assess, and manage open source components within their software applications. With SCA tools, businesses can achieve several benefits, including identifying open source components, assessing security risks, ensuring compliance with licenses, and enhancing overall software quality.
Download Software Composition Analysis (SCA) ReportRead more