Black Duck Hub Features List

Black Duck Hub

Complete open source management solution

4.18/5 (28 reviews)

Black Duck Hub Feature Summary

  • License management
  • PDF protection
  • Trial license
  • Binary separation
  • Asset tracking
  • Audit management
  • Open source security
  • Open source compliance
  • Open source audits
  • Tracking features
  • Risk assessment
  • Activity tracking
  • Application security
  • Activity monitoring
  • Data mapping
  • Progress tracking
  • Bills of material
  • Automated scanning
  • Policy management
  • Vulnerability data
  • Vulnerability analysis
  • Knowledge base
  • Container security
  • Agile development
  • Third party integration
  • API
  • API availability
  • Approval process control

IT Security Feature Comparison

Most popular features of all IT Security apps

API (44 other apps)
Access Control (23 other apps)
Activity Dashboard (19 other apps)
Activity Tracking (11 other apps)
Application Security (25 other apps)
Applications Management (15 other apps)
Audit Trail (11 other apps)
Auditing (32 other apps)
Authentication (26 other apps)
Automatic Notifications (11 other apps)
Compliance Management (15 other apps)
Monitoring (35 other apps)
Password Management (21 other apps)
Permission Management (15 other apps)
Reporting & Statistics (14 other apps)
SSL Security (30 other apps)
Secure Data Storage (12 other apps)
Single Sign On (23 other apps)
Two-Factor Authentication (21 other apps)
Website Security (12 other apps)

Black Duck Hub Feature Reviews

25 reviewers had the following to say about Black Duck Hub's features:

rajiv aradhyula

The ease of identifying and managing the open source code vulnerabilities and license risks.

2017-08-29

Ease in identifying the security exposures and hidden vulnerabilities created by open source components.

Pros

The ease of identifying and managing the open source code and as well examining the source code for vulnerabilities and specifically the hidden security vulnerabilities is amazing.

Cons

Improve in reporting, and better API experience.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No
Read more
Tunde Ogunkoya

Super fast, neat and top notch solution for Software Composition Analysis

2017-07-31

Pros

The fact that it combines all three core areas of Open Source Security Management is a very deep advantage. whether the need is security or license risk management or operational risk concerns.

Cons

the fact that the code base monitored. would have been nice if the solution could be project based pricing or perhaps priced as a function of the number of lines of code.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 1-2 years

Frequency of use: Other

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for your feedback. We love hearing from our customers, and use this information to continuously improve our offering. Please contact support if you have any questions.

Read more
Marco Iusi

Using Black Duck HUB for Open Source Governance in software projects.

2017-09-30

We are working in improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components.

Pros

Black Duck provide also good reports and you can customize it using restful API and direct access to a Report Database.

Cons

So some features can improve and better meet users needs, especially about reports and API.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Daily

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No
Read more
Emmanuel Canaan

Excellent open source governance tool!

2017-07-25

Pros

It is very useful to see where a component is being used across my organization, as well as see other factors beyond license risk like security and operational risk.

Cons

The application is expensive due to the billing model that enforces a quota on amount of code scanned.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for your feedback, we love hearing from our customers. You are correct ¿ Hub features are continually improved and we hope you are staying up to date and enjoying the new features. We have been working hard to close the gap on feature differences, and most will be available in Hub by end of the year. Additionally, Hub has many features not available in Protex, including showing security vulnerabilities. If you haven¿t already checked it out, check out one of our favorite new features in this video (https://www.youtube.com/watch?v=_4v2WwVQs1I) ¿ Hub Detect!

Read more
Philip Botha

Black Duck met Entersekt¿s checklist of what we needed in an OSS management solution.

2017-06-01

Pros

Seamless integration & ease of use; Relevant feedback; Earlier in the SDLC; Real-time and continuous monitoring; Automated Notifications; Easy-to-digest reports with minimal false positives; Jenkins support & secure scanning; Code doesnt leave intranet; Identify open source licenses

Cons

The navigation of the UI can do with some more intuitive organization potentially with some contextual assistance to interpret what the summary number mean exactly on some of the report screens.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Weekly

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for sharing a review, Philip! Your feedback helps us improve our product, and we look forward to future discussions with you.

Read more
Jason Latham

Excellent product . Post sale as good as pre sale

2017-06-22

Pros

Post sales ...supports dev, security and dev ops...policy implementation

Cons

Linux hosted

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No
Read more
Torsten Jenkner

This product is very powerful in analyzing, but still a lot of Manual work has to be done.

2017-07-26

abetter possibilty to assess open source software

Pros

the automations, the huge nowledge base and last but not least automatic reports. two different views, modern and classic.

Cons

the ease of use is unfortenatley complicated. In some cases it is unclear how to solve license conflicts for example. i would propose to make clearer what the detailed workflow steps for an analyze is.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Daily

Likelihood to recommend

7/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for your feedback, we are excited that the automations, knowledge base and automatic reports are working for you. Our engineering team will be reaching out to better understand your ease of use issues, including any specific feedback on licensing and analysis workflow required.

Read more
Mallika Gurram

Could be better for .Net applications.

2017-07-10

Pros

Could use more information for .Net applications though.

Cons

KB isn't really that good for third party dlls etc for .Net applications. If the Jsons we send out to customer support could be automated as well (by Jenkins plugin) that'd be helpful instead of manually running them.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Likelihood to recommend

5/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


We are glad that you find the reporting useful. Our recently released Hub Detect (in Hub 4.1) can generate Dry Runs, which should help with support processes. In addition, Hub Detect is also better at identifying Nuget packages. Documentation on how to set up Hub Detect can be found here: https://blackducksoftware.atlassian.net/wiki/spaces/INTDOCS/pages/49131875/Hub+Detect. We¿ll reach out to help answer any remaining questions you may have.

Read more
Ed Sutton

Great experience. API needs a little work

2017-07-31

Lots of information readily available

Pros

Also being able to follow the breadcrumbs to CVE reports.

Cons

The REST API is extremely hard to work with and needs to be more user friendly.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Monthly

Likelihood to recommend

8/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thanks for sharing your experience ¿ we are so glad that you are finding value in Black Duck. We appreciate the feedback on the Rest API, and a member of our product team will be reaching out to better understand your current implementation and help recommend a solution.

Read more
Pete Toze

Great software which I believe in, but not a pain free experience.

2017-07-26

Ability to detect open source vulnerabilities in our code.

Pros

Clean interface. Performance improved in v4.0.0.

Cons

Difficult installation process, made more complicated with the introduction of Docker in v4.0.0 & with introduction of mandatory SSL/TLS web server certificate which requires troubleshooting trust issues.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Weekly

Likelihood to recommend

7/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for providing feedback about your experience with Black Duck Hub. We¿re so sorry you are having issues ¿ and we¿d like to work together to fix that. We have escalated your case so that we can resolve it quickly.

Our customer support team strives to provide support in the way that works best for you, so we noted in your account that you prefer to be reached via phone. A senior support representative will reach out to you via phone.

Many of the issues you experienced during deployment were due to our old AppMgr architecture. The new Docker deployment is a more stable environment built to fix many of the issues you experienced. The Docker deployment can be harder to implement and run the first time; our senior support representative will be guiding you through this process. We will do better next time you have an issue; please escalate any issues you have to your Customer Success Manager.

Read more
Max Gartman

implementation is very difficult

2017-08-02

Pros

fast turnaround and ability to dig into results at the file level. That's about it. Nothing more to say.

Cons

implementation is very difficult, and support for python appears to be based around libraries, not applications.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Other

Likelihood to recommend

5/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for your review. We have recently released a new deployment architecture with Hub 4.0 that should help alleviate some of that pain. Hub 4.1 includes improving python support with our brand new Hub Detect feature (check out the video here: https://www.youtube.com/watch?v=_4v2WwVQs1I). Our team will reach out to discuss your feedback and help answer any questions regarding the new features.

Read more
Mike Flynn

just started using it

2017-07-31

list of open source licenses as well as where our code is using these to validate we are using them correctly

Pros

right now we have it setup to automatically scan using bamboo as the scheduler, we also set it up to email users using the hub apis to get the "failures" out to let developers know where issues are

Cons

being able to setup the repositories for internal vs externally facing code without getting help to do this

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Likelihood to recommend

7/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thanks for your review ¿ we¿re glad that you are able to understand your code better. Someone from our product team will be reaching out to better understand additional requirements and to help you get these deployed appropriately.

Read more
Naveen Guruju

Technical Customer support is not good taking ages to resolve the issue

2017-08-01

Web Interface and easy to the scan tool Web GUI performance is better then old version.

Pros

Manual scan do not work on Linux servers

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 1-2 years

Frequency of use: Daily

Likelihood to recommend

2/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thanks for bringing this to our attention. We strive to make installs and upgrades as smooth as possible for our customers but unfortunately we can¿t always plan for all scenarios. We value your feedback and our support team will be reaching out.

Read more
Frank Falcone

Helps identify the open source software in use in our projects.

2017-08-07

Pros

Company is very responsive to any false findings the tool reports.

Cons

The group roles (ie Policy manager) would be nice to assign on a project by project basis as opposed to site wide.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Weekly

Likelihood to recommend

8/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


We are glad you find our team responsive to your needs. Hopefully our new, container based architecture helps address the upgrade issues (if you haven¿t heard about it yet, check out the video here: https://www.youtube.com/watch?v=kvkqzFm4bgA&t=1s). We know that user and role management are important features and we continually enhance them based on customer feedback. We appreciate your feedback and will reach out to make sure we understand all the specifics to help guide future consideration.

Read more
Franklin Davis

Pretty good at finding vulnerabilities; workflow to keep track of mitigations is hopeless

2017-07-28

We are able to anticipate the issues that our customers will find in our software when they scan it with Black Duck, before we ship to them. Thus, we can mitigate problems before they go out the door.

Pros

The new Hub product is very fast to scan software, and the UI is responsive and nice-looking.

Cons

There is no support for a workflow that keeps track of changes we make.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 2+ years

Frequency of use: Monthly

Likelihood to recommend

6/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thanks so much for your review ¿ we always value feedback and while we appreciate your complements, we also really appreciate your feedback on areas of improvement. As always, our product team values your insights to improve the experience and keep the bar high. Regarding change history and UI issues, we are working to continue improving this area, including visibility and ease of use in upcoming releases. Our latest 4.0 release made some changes to improve UI navigation (especially when navigating back to list screens) that should help ¿ please check it out and let us know your thoughts! Thanks again for your feedback.

Read more
Christian Schwarz

Easy to integrate with our Continuous Integration framework.

2017-08-21

Pros

It is easy to interface with other services such as ticketing systems and the like.

Cons

The third category, operational risks, is not really clear and customer support initially suggested to ignore them. I am still confused by how the rating is done although it could be valuable.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Weekly

Likelihood to recommend

8/10
Source: Capterra
Helpful?   Yes   No
Read more
Viren Karia

Open Software Software Governance

2017-08-11

Pros

Blackduck is the industry leader in Open Source Software governance. Black Duck enable us to not only look into our code base and establish a clean bill of materials, including all OSS components,

Cons

Obviously there some feature other comparable solutions does better than then Blackduck.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Weekly

Likelihood to recommend

10/10
Source: Capterra
Helpful?   Yes   No
Read more
Ludmila Fisher

I couldn't find clear instructions on how to integrate scan with TFS builds.

2017-07-31

Pros

I like that identification of open source software is automatic for most part.

Cons

It's different links to change license and version. It would be nice to have one location to make all changes if needed.

Rating breakdown

Ease of use
Features

Time used: Less than 6 months

Frequency of use: Other

Likelihood to recommend

7/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thanks for your feedback.

Black Duck leverages multiple scanning techniques to get the most accurate number of matches for your codebase. We have launched Hub-Detect (https://www.github.com/blackducksoftware.com/hub-detect/), which is an umbrella implementation that leverages all our scanning techniques OTB! For your situation, you can invoke this implementation as a post-build step within your TFS job or alternatively, even run it from the command line. This ensures you have a single solution doing all your scans and ensuring you get complete results rolled up into your project.

This implementation is available with your existing Hub license and can be downloaded from GitHub here (https://www.github.com/blackducksoftware.com/hub-detect/).
As always, documentation for all our integrations will be on our public wiki space. Watch this space for the user guide at https://blackducksoftware.atlassian.net/wiki/spaces/INTDOCS/overview.
Contact support if you need help.

Read more
Andrew Wheeler

It filled the needs of our team.

2017-06-28

Pros

New feature are constantly being added.

Cons

Upgrading it is a major pain / undertaking. Each time we need to upgrade the system we have to do the equivalent of installing it from scratch.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Source: Capterra
Helpful?   Yes   No

Response from Black Duck


We are glad you are pleased with our new features and the support you have received. We recently released a new deployment architecture with Hub 4.0, which should help alleviate some of that pain. In fact, our VP of Engineering just released this video https://www.youtube.com/watch?v=kvkqzFm4bgA to help answer some of the customer questions we¿ve received. Your CSM will be in touch to help answer any additional questions. In the meantime, please reach out to support.

Read more
Sanjay Kashyap

Customer Support was quick & helpful. Most of the software already up there & less turnaround time

2017-07-26

Helped to verify the softwares for our product software developed in external environment by vendor.

Pros

Simple and easy to use, Responsive Customer support.

Cons

However would like to see latest softwares already added so that easy for the users.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Weekly

Likelihood to recommend

8/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you so much for your feedback! We love hearing from our customers and are working to make our updates as easy as possible for you.

Read more
Basma Shahadat

Stable Software to identify open source vulnerabilities

2017-06-29

Pros

It is very easy to use and integrate with the current continuous integration infrastructure.

Cons

It should focus on improving findings.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 6-12 months

Frequency of use: Daily

Likelihood to recommend

7/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for your review and we are glad you are enjoying the continued improvements. We are continuing to improve our language database and have recently released features in Hub 4.1 that should help improve scan results ¿ check out our new video blog that highlights these features here: https://www.youtube.com/watch?v=_4v2WwVQs1I. Your CSM will reach out to help you with your specific use cases.

Read more
Phutthipong Prayunsaowaphak

It's tooling to scan code

2017-07-31

Save my time

Pros

save time for checking open source software and hiligh on source code that same open source software

Cons

In my job work on embeded system, our code size is very small (under 100 kB).

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Other

Likelihood to recommend

6/10
Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for providing your feedback. We love hearing from our customers! We're glad that our tools are helping you save time. If you need help with integrations or upgrades, please contact our customer support team.

Read more
Anonymous
Consulting Partner, Cyber Security Delivery - Africa (Information Technology and Services company, 1-10 employees)
Verified Reviewer

Ease of Use and extensible integration availability

2018-04-10

Pros

The integrations points are quite very wide and cater to whatever type of CI/ CDthat you may want to use, also, the IDE integrations are quite easy to deploy, thereby not locking you into a corner if your DevOps team are fixed on one particular type of technologies.

Cons

not sure if there is something that i did not really like, maybe initially it did not have the code snippets, but that has been taken care of now ; giving the solution better capability and usage experience

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 1-2 years

Frequency of use: Other

Likelihood to recommend

10/10
Source: GetApp
Helpful?   Yes   No
Read more
Benjamin Paz

Verified Reviewer

Black Duck does not provide integration with Eclipse (or other IDE)

2017-11-08

Pros

We have installed Black Duck hub and integrated with Bamboo. This is good for our pipeline workflow and subsequent analysis of findings.

Cons

This is vital to our DevOps workflow where we want to enable developers to identify issues based on findings with Black Duck hub in their local Eclipse.

Rating breakdown

Ease of use
Features
Customer support

Time used: Less than 6 months

Frequency of use: Daily

Likelihood to recommend

2/10
Source: GetApp
Helpful?   Yes   No

Response from Black Duck Software


Thank you for taking the time to review Black Duck Hub on GetApp. Currently Black Duck Hub integrates with Eclipse & Visual Studio IDEs. In Eclipse, we support Maven and Gradle package managers. Our Product Manager is interested to hear your feedback directly to understand how you are looking to use the integration and help bridge any gaps. Your Customer Success Manager will be reaching out to facilitate this call at your earliest convenience.

Read more
Ramani Sridharan

So far my experience with BlackDuck is great. I have seen almost positive response pretty much

2017-06-29

Pros

I like BD Hub when compare to Protex and CodeCenter. It's easy to handle and all in place rather than 2 legs at 2 different places.

Cons

I have only exposures to 3 BD softwares Protex, CodeCenter and Hub. Out of it, I like Protex as least one. Since it was NOT very much user friendly. It's my experience but could have been better.

Rating breakdown

Value for money
Ease of use
Features
Customer support

Time used: 1-2 years

Frequency of use: Weekly

Source: Capterra
Helpful?   Yes   No

Response from Black Duck


Thank you for sharing your feedback. We agree with you - the integrations for Hub make identifying open source risks earlier in the SDLC much simpler. Please reach out to support if you have any questions.

Read more