Black Duck

(11)
3.6 out of 5 stars

Organizations worldwide use Black Duck to secure and manage the open source software in their applications and containers.


Black Duck Reviews

Showing 11 Black Duck reviews
Black Duck review by rajiv a.
Validated Reviewer
Verified Current User
Organic

Black Duck is the way to go for your open source code management

What do you like best?

The ease of identifying and managing the open source code, as well as examining the source code for vulnerabilities, and specifically the hidden security vulnerabilities, is amazing. This is the product that every organization should look to for managing source code, quickly identifying vulnerabilities, and open source license management, which can be lethal if ignored. It easily integrates with your current CI engines and sets the pace for your time to market.

The Web UI is well built and easy to navigate, and it makes the product easy to handle.

Easy Docker-based Hub installation.

What do you dislike?

The product is really amazing already. Hub knowledge bases are huge and growing day by day. I suggest Black Duck update the KBs quickly, and maybe share a web link with all customers, who can post about a new open source bundle to speed up the onboarding of the new item. Black Duck is a duckling and is growing fast.

What business problems are you solving with the product? What benefits have you realized?

Ease in identifying the security exposures and hidden vulnerabilities created by open source components.

Time to market is faster for identifying the vulnerabilities early during the development stage.

Open source license management becomes so easy now.

Black Duck review by Franklin D.
Validated Reviewer
Verified Current User
Invitation from a vendor or affiliate

Fast scanning, good ID of open source vulnerabilities, but workflow is lacking

What do you like best?

The Hub product is very fast at scanning our software. The Knowledge Base has improved so it is correctly identifying open source components most of the time. The UI is fast and nice looking.

What do you dislike?

Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component in other projects. It doesn't keep history of changes (updates to component matches, or mitigations), doesn't allow rolling back changes in a consistent way. The flow in the UI is very inefficient -- often way too many clicks to get to related information, hard to discover many of those pages. Then when you go back it loses the originally selected item, so you have to remember it, possibly scroll to the bottom and click to advance to the right page, and find the item.

What business problems are you solving with the product? What benefits have you realized?

We have customers who scan our software with Black Duck. Having it in-house enables us to find reported vulnerabilities in our software before we ship it, or to find out about newly discovered vulnerabilities in our existing code before customers do, so we can fix things before they ship, or be ready with information for customers.

Black Duck review by Emmanuel C.
Validated Reviewer
Verified Current User
Invitation from a vendor or affiliate

Essential!

What do you like best?

Black Duck has a long history of being the industry leader in open source scanning. Their new Black Duck Hub product is a refreshingly easy to use product that meets the majority of our needs and allows us to proceed with confidence that we are accurately accounting for our open source use.

What do you dislike?

While the product does meet the majority of our needs, it doesn't meet every need. However, Black Duck is very responsive and receptive to feature requests. I also dislike the usage-based billing. The product is so easy to use that I want to scan more of my code more frequently, but the usage-based billing puts me at odds with that desire.

What business problems are you solving with the product? What benefits have you realized?

This allows us to generate an inventory of all open source we are including in our products and thus mitigate our legal risk and protect our intellectual property.

Black Duck review by Haresh S.
Validated Reviewer
Invitation from G2 Crowd

Quality open source detection

What do you like best?

It has a big knowledge base, and when we first started using it for our new project to provide enhanced and ensured security, we were able to understand them quite easily, thanks to the intuitive design and user-friendly approach to design and layout they have enforced, and most importantly open source detection on all cross-platform browsers and dependency information for different languages like C++ and Java.

What do you dislike?

DevOps integration is a time-consuming process, and we had to wait for a day to get them completed and got to track the complete progress and also to enforce them in IDE, build CI tools and container deployment platforms all the time, and time reactive dynamic features for code snippets are a hassle.

Recommendations to others considering the product

Easy to use, understand the comprehensive data storage knowledge warehouse repository base.

What business problems are you solving with the product? What benefits have you realized?

It helps in code security audits, code quality analysis, and encryption audits which are out of our scope and saves us a lot of time in understanding the requirement documents and saves a lot of dollars for the client and the vendor in a way.

Black Duck review by Britanny C.
Validated Reviewer
Invitation from G2 Crowd

Waste of money

What do you like best?

The premise of the software is nice, but they did not deliver.

What do you dislike?

Missed key open source licensing issues and locked us into a 2-year contract. Expensive with no benefit since we ended up needing to check all the open source code we had personally. If we hadn't we could have faced significant licensing issues. Not a legally sound solution for open source licensing management.

Recommendations to others considering the product

Don't get locked into a contract; better yet, don't sign up at all.

What business problems are you solving with the product? What benefits have you realized?

Attempted to use BlackDuck for open source licensing management and, considering even a quick check found issues, realized it was a complete waste of money.

Black Duck review by Frank F.
Validated Reviewer
Verified Current User
Invitation from a vendor or affiliate

Black Duck Hub

What do you like best?

Deployment was not too difficult, site works well, customer support is responsive. The Hub supports mixed LDAP/internal db authentication.

What do you dislike?

Some of the features we were interested in are still under development, due to be released later in the year.

Black Duck moved to a Docker type of installation right after I deployed the solution. It would have been nice to have been given a heads up on this; I would have delayed a bit.

What business problems are you solving with the product? What benefits have you realized?

Open source licensing, security and operational risk analysis.

* We monitor all Black Duck reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.