Black Duck

Build secure, high-quality software faster.

Black Duck Pricing, Features, Reviews and Alternatives

Black Duck product overview

What is Black Duck?

Black Duck is an open source management software used by web developers and legal and security teams to discover, monitor, and manage open source vulnerabilities and license compliance. It uses a unique multi-factor detection technology to ensure security in code, binaries, and containers, and it allows the user to set open source security and use policies. Black Duck automatically scans for vulnerabilities and produces a comprehensive Bill of Materials to track identified risks. With Synopsys, your organization benefits from use of the Black Duck Knowledge Base, which contains over 4.5 million open source projects and 2,750 open source licenses, providing the most complete and comprehensive security coverage in the industry.

Key benefits of using Black Duck

  • Detect partial and modified components.
  • Identify and inventory open source software used in applications.
  • Map components to known vulnerabilities and license requirements.
  • Continuously monitor and alert for new open source vulnerabilities.
  • Assist teams in remediation with orchestration and policy enforcement.

    Typical customers

    Freelancers
    Small businesses
    Mid size businesses
    Large enterprises

    Platforms supported

    Web
    Android
    iPhone/iPad

    Support options

    Email/Help Desk
    Knowledge Base
    Phone Support
    FAQs/Forum
    24/7 (Live rep)

    Training options

    Documentation
    In Person
    Videos
    Live Online
    Webinars

    Black Duck pricing information

    Value for money

    3.8/5 (29)

    Price starts from

    No info

    Pricing options

    Free plan
    Subscription
    Free trial
    Pricing range

    Black Duck features

    Functionality

    4.0/5 (29)
    Total features: 26 (8 categories)

    Most valued features by users

    Compliance Management
    Monitoring
    API
    Reporting & Statistics
    Reporting/Analytics
    Policy Management
    Third Party Integrations
    Activity Tracking

    Black Duck users reviews

    Overall rating

    4.2/5 (29)

    Positive reviews

    83%

    Rating breakdown
    • Value for money
    • Ease of use
    • Features
    • Customer support
    • Likelihood to recommend: 7.38/10
    Rating distribution

    5: 12
    4: 12
    3: 4
    2: 1
    1: 0

    Pros
    I love the speed and overall simplicity of the application. It does a good job of finding most open source packages and performs identification automatically.

    Emmanuel C.

    The ease of identifying and managing the open source code and as well examining the source code for vulnerabilities and specifically the hidden security vulnerabilities is amazing.

    rajiv a.

    The thing I like most about the Hub is the integrations. Engineers are moving toward a more automated build process and to have a tool that can support that is very nice.

    Maurice S.

    Cons
    Some of the upgrades did not go smoothly. Some of the information that most IT departments require seems to be missing from the documentation.

    Frank F.

    Upgrading it is a major pain / undertaking. Each time we need to upgrade the system we have to do the equivalent of installing it from scratch.

    Andrew W.

    There are a lot of false alarms that should be corrected to update its database.

    Basma S.

    Overall Rating
    • Value for money
    • Ease of use
    • Features
    • Customer support
    • Likelihood to recommend: 9/10

    Black Duck - The goto tool for Software Composition Analysis

    Reviewed 5 months ago

    Excellent experience starting from the concept phase, evaluation phase and then later the complete implementation. It's a great tool in the domain of security and a must have

    Pros

    An updated vulnerability list and ease of maintenance and administration are the key features of the tool. Moreover, it's a breeze to integrate with various CI/CD toolsets ensuring a great DevSecOps practice

    Cons

    I guess in general DevSecOps is still a recent phenomenon and developers and engineers need to get themselves well acquainted with such security concepts

    Overall Rating
    • Value for money
    • Ease of use
    • Features
    • Customer support
    • Likelihood to recommend: 10/10

    The ease of identifying and managing the open source code vulnerabilities and license risks.

    Reviewed 4 years ago

    Ease in identifying the security exposures and hidden vulnerabilities created by open source components. Time to market is faster for identifying the vulnerabilities early during the development stage. Open source license management becomes so easy now.

    Pros

    The ease of identifying and managing the open source code and as well examining the source code for vulnerabilities and specifically the hidden security vulnerabilities is amazing. This is the product that every organization should look out to manage the source code for identifying quickly about vulnerabilities, open source code license management which can be lethal if ignored. Easily integrates...

    Cons

    Improve in reporting, and better API experience. Black Duck is a duckling and is growing fast. Suggest Black Duck to update the KBs quickly.

    Overall Rating
    • Value for money
    • Ease of use
    • Features
    • Customer support
    • Likelihood to recommend: 7/10

    Great software which I believe in, but not a pain free experience.

    Reviewed 4 years ago

    Ability to detect open source vulnerabilities in our code.

    Pros

    Ability to detect open source vulnerabilities in our code. Pre-sales contact & support was good (demo, trial etc). Clean interface. Performance improved in v4.0.0.

    Cons

    Difficult installation process, made more complicated with the introduction of Docker in v4.0.0 & with introduction of mandatory SSL/TLS web server certificate which requires troubleshooting trust issues. Support team are reluctant to pick up the phone or enter into telephone support, with sporadic email communication being the favoured option. Some gaps in documentation. Why is there no pre-built Black Duck Hub virtual appliance that I can drop into VMware? No documentation for implementing with vSphere Integrated Containers (VIC), only documentation for Docker & Openshift. Reporting improvements still to be made.

    Vendor response

    Thank you for providing feedback about your experience with Black Duck Hub. We're so sorry you are having issues - and we'd like to work together to fix that. We have escalated your case so that we can resolve it quickly. Our customer support team strives to provide support in the way that works best for you, so we noted in your account that you prefer to be reached via phone. A senior support...

    Overall Rating
    • Value for money
    • Ease of use
    • Features
    • Customer support
    • Likelihood to recommend: 10/10

    Using Black Duck HUB for Open Source Governance in software projects.

    Reviewed 4 years ago

    We are working in improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components.

    Pros

    We are working in improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components. A very good thing is that it provide features for code scanning, independently from language and technology, also integrated with CI/CD tools like Jenkins. The GUI is very easy to use and intuitive,...

    Cons

    Black Duck HUB is a quite new product, despite it has very famous and consolidate ancestors like Protex. So some features can improve and better meet users' needs, especially about reports and API. Also documentation can improve.

    Overall Rating
    • Value for money
    • Ease of use
    • Features
    • Customer support

    So far my experience with BlackDuck is great. I have seen almost positive response pretty much

    Reviewed 5 years ago
    Pros

    I like BD Hub when compared to Protex and CodeCenter. It's easy to handle and all in place rather than 2 legs at 2 different places. I have seen little issue with GUI provided along with Hub but it's manageable. The integration with Hub was easy along with Jenkins, Coverity, Jira and other tools. If properly integrated BD Hub along with Jenkins then the issue can be identified with Operational/Vulnerability/License much earlier than later. The Hub version of current one in terms of installation looks easy as one bundle instead of few different add-ons as prior. I had little issues while installation since of pre required stuff with Linux lsb since it had multiple dependencies, otherwise it was easy to breeze through. Overall, my experience is good so far.

    Cons

    I have only exposures to 3 BD softwares Protex, CodeCenter and Hub. Out of it, I like Protex as least one. Since it was NOT very much user friendly. It's my experience but could have been better.

    Vendor response

    Thank you for sharing your feedback. We agree with you - the integrations for Hub make identifying open source risks earlier in the SDLC much simpler. Please reach out to support if you have any questions.

    Black Duck FAQs and common questions

    Black Duck has the following pricing plans:
    Free Trial: Available


    Black Duck has the following typical customers:
    Large Enterprises, Mid Size Business, Small Business


    Black Duck supports the following languages:
    English, Japanese, Chinese (Simplified)


    Yes, Black Duck has an API available for use.


    Black Duck integrates with the following applications:
    Microsoft Visual Studio, GitHub, VMware Tanzu, Jira, Microsoft Azure, PyCharm, Travis CI, PhpStorm, GitLab, Jenkins, IntelliJ IDEA, Slack, ThreadFix, TeamCity, WebStorm, Google Cloud Platform, OpenShift, Docker Cloud, Mercurial, Eclipse


    Black Duck offers the following support options:
    Email/Help Desk, Knowledge Base, Phone Support, FAQs/Forum, 24/7 (Live rep)
