Black Duck Hub Pricing, Features, Reviews & Alternatives

Black Duck Hub

Complete open source management solution

4.18/5 (28 reviews)

Black Duck Hub overview

What is Black Duck Hub?

Black Duck Hub is open source management software for web developers to discover, monitor and manage open source security vulnerabilities and license compliance. It enables users to automate the process of securing open source software and of managing security vulnerabilities, open source license compliance and operational risk with scanning, monitoring and alerting technology.
www.blackducksoftware.com

Pricing

Starting from: $5000
Pricing options: Free trial

Devices

Business size

S
M
L

Markets

United States

Supported languages

English

Black Duck Hub user reviews

Value for money: 3.8
Features: 4.0
Ease of use: 3.7
Customer support: 4.1

Anonymous

Ease of Use and extensible integration availability

Used occasionally for 1-2 years
Reviewed 2018-04-10
Review Source: GetApp

Pros
The integration points are quite wide and cater to whatever type of CI/CD that you may want to use; also, the IDE integrations are quite easy to deploy, thereby not locking you into a corner if your DevOps team is fixed on one particular type of technology. Also, the accuracy and detection capability seem to be very solid.

Cons
Not sure if there is something that I did not really like; maybe initially it did not have the code snippets, but that has been taken care of now, giving the solution better capability and usage experience.

Likelihood to recommend: 10/10

rajiv a.

The ease of identifying and managing the open source code vulnerabilities and license risks.

Used daily for 6-12 months
Reviewed 2017-08-29
Review Source: Capterra

Ease in identifying the security exposures and hidden vulnerabilities created by open source components. Time to market is faster for identifying the vulnerabilities early during the development stage. Open source license management becomes so easy now.

Pros
The ease of identifying and managing the open source code and as well examining the source code for vulnerabilities and specifically the hidden security vulnerabilities is amazing. This is the product that every organization should look out to manage the source code for identifying quickly about vulnerabilities, open source code license management which can be lethal if ignored. Easily integrates with your current CI engines and sets the pace for your time to market. Ease in identifying the security exposures and hidden vulnerabilities created by open source components. Time to market is faster for identifying the vulnerabilities early during the development stage. Open source license management becomes so easy now. The product is really amazing already. Hub knowledge bases are huge and growing day by day.

Cons
Improve in reporting, and better API experience. Black Duck is a duckling and is growing fast. Suggest Black Duck to update the KBs quickly.

Likelihood to recommend: 10/10

Pete T.

Great software which I believe in, but not a pain free experience.

Used weekly for 6-12 months
Reviewed 2017-07-26
Review Source: Capterra

Ability to detect open source vulnerabilities in our code.

Pros
Ability to detect open source vulnerabilities in our code. Pre-sales contact & support was good (demo, trial etc). Clean interface. Performance improved in v4.0.0.

Cons
Difficult installation process, made more complicated with the introduction of Docker in v4.0.0 & with introduction of mandatory SSL/TLS web server certificate which requires troubleshooting trust issues. Support team are reluctant to pick up the phone or enter into telephone support, with sporadic email communication being the favoured option. Some gaps in documentation. Why is there no pre-built Black Duck Hub virtual appliance that I can drop into VMware? No documentation for implementing with vSphere Integrated Containers (VIC), only documentation for Docker & Openshift. Reporting improvements still to be made.

Response from Black Duck


Thank you for providing feedback about your experience with Black Duck Hub. We're so sorry you are having issues - and we'd like to work together to fix that. We have escalated your case so that we can resolve it quickly.

Our customer support team strives to provide support in the way that works best for you, so we noted in your account that you prefer to be reached via phone. A senior support representative will reach out to you via phone.

Many of the issues you experienced during deployment were due to our old AppMgr architecture. The new Docker deployment is a more stable environment built to fix many of the issues you experienced. The Docker deployment can be harder to implement and run the first time; our senior support representative will be guiding you through this process. We will do better next time you have an issue; please escalate any issues you have to your Customer Success Manager.

Likelihood to recommend: 7/10

Marco I.

Using Black Duck HUB for Open Source Governance in software projects.

Used daily for less than 6 months
Reviewed 2017-09-30
Review Source: Capterra

We are working on improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components.

Pros
We are working on improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components. A very good thing is that it provides features for code scanning, independently from language and technology, also integrated with CI/CD tools like Jenkins. The GUI is very easy to use and intuitive, the dashboard gives a lot of information about Open Source Components in the project and you can take advantage of notification about new vulnerability. In the latest versions Black Duck Hub is also improved in remediation suggestions about vulnerability. Black Duck also provides good reports and you can customize it using RESTful API and direct access to a Report Database. What is more it is really easy to install, we use the docker compose version: just install Docker, download images and run a command to set up the environment or upgrade to a new version! Last but not least the technical support and customer care is really good.

Cons
Black Duck HUB is quite a new product, despite having very famous and consolidated ancestors like Protex. So some features can improve and better meet users' needs, especially about reports and API. Also documentation can improve.

Likelihood to recommend: 10/10

Emmanuel C.

Excellent open source governance tool!

Used daily for 6-12 months
Reviewed 2017-07-25
Review Source: Capterra

Pros
I love the speed and overall simplicity of the application. It does a good job of finding most open source packages and performs identification automatically. It is very useful to see where a component is being used across my organization, as well as see other factors beyond license risk like security and operational risk.

Cons
The application is expensive due to the billing model that enforces a quota on amount of code scanned. This disincentivizes me to use the application when I would ordinarily want to scan as much of my code as possible due to its ease of use. It has fewer features when compared to Protex, but Black Duck is slowly resolving this.

Response from Black Duck


Thank you for your feedback, we love hearing from our customers. You are correct - Hub features are continually improved and we hope you are staying up to date and enjoying the new features. We have been working hard to close the gap on feature differences, and most will be available in Hub by end of the year. Additionally, Hub has many features not available in Protex, including showing security vulnerabilities. If you haven't already checked it out, check out one of our favorite new features in this video (https://www.youtube.com/watch?v=_4v2WwVQs1I) - Hub Detect!

Black Duck Hub pricing

Starting from: $5000
Pricing options: Free trial

Contact Black Duck Hub for detailed pricing information.

Black Duck Hub features

API
Activity Tracking
Audit Management
Monitoring
Policy Management
Third Party Integrations
Vulnerability Scanning

Access Controls/Permissions (223 other apps)
Activity Dashboard (189 other apps)
Alerts/Notifications (158 other apps)
Audit Trail (111 other apps)
Authentication (107 other apps)
Compliance Management (206 other apps)
Incident Management (119 other apps)
Real Time Monitoring (158 other apps)
Reporting & Statistics (166 other apps)
Reporting/Analytics (171 other apps)
Search/Filter (110 other apps)
Secure Data Storage (109 other apps)
User Management (115 other apps)

Additional information for Black Duck Hub

Key features of Black Duck Hub

  • A set of guidelines regarding different business scenarios
  • Access to a library of manufacturing parts, models, and specs
  • Allows for integration with other systems/databases
  • An assembly of graphs and charts for tracking statistics and metrics
  • Create, store and share information, data, and support articles in a centralized database
  • Discover patch statuses and vulnerabilities
  • Identify and respond to security threats to developed applications
  • Improve business process by accessing more features and applications by combining third party integrations
  • Initiate collection and analysis of key information pertaining to enterprise risk
  • Maintains a history of customer licenses
  • Manage license during trial period while allowing to use all the features
  • Manage various aspects of the relationship with suppliers (e.g. interactions, history)
  • Monitor and track project related activities based on various metrics
  • Monitor assets (i.e. equipment, tools, software, hardware, etc.) lifecycle and usage from acquisition to retirement
  • Plan, schedule, and execute organization's accounts and assets to ensure they all comply with policies, laws, and requirements.
  • Reporting on how each task or process has advanced since its initiation
  • Run tests on the network to find the root cause of the network issues
  • Streamline and manage the process of granting permission to the correct parties throughout task progression
  • Supports XP, Adaptive Project Framework, Kanban, and Scrum
  • The ability to scan barcodes to ensure accurate pricing and label tracking
  • Track and report regulatory data to either internal management or external stakeholders
  • Validation procedure for activating software license/programs

Benefits

Detect partial and modified components.
Identify and inventory open source software used in applications.
Map components to known vulnerabilities and license requirements.
Continuously monitor and alert for new open source vulnerabilities.
Assist teams in remediation with orchestration and policy enforcement.