Black Duck: Overview

Black Duck is a complete open source management solution that discovers all of the open source in your code. It maps components to known vulnerabilities and identifies license and component quality risks. You can use Black Duck to set and enforce open source policies and to integrate open source management into your DevOps environment. Black Duck also monitors for newly reported threats and alerts you when they affect components you use.

Black Duck helps security and development teams identify and mitigate open source-related risks across their application portfolios. Black Duck:

  • Scans and identifies open source software throughout your code base.
  • Maps vulnerabilities to your open source software.
  • Triages vulnerability results and tracks remediation.
  • Monitors for newly disclosed vulnerabilities in your open source code.
  • Finds and fixes open source vulnerabilities in applications and containers.

Consider this:

Thousands of open source vulnerabilities are reported each year. Most organizations have over 30% open source in their code, and 98% of companies are unaware of the open source code they use. Black Duck On-Demand audits reveal that 67% of applications contain open source vulnerabilities, and 40% of those are considered high severity. Yet most organizations track less than half of the open source they use. If you don't know what's in your code, you leave your systems, data, and customers at risk.

Black Duck can:

  • Scan code to identify all embedded open source components.
  • Automatically map open source in use to known vulnerabilities.
  • Continuously monitor for new vulnerabilities as they are reported.
  • Prioritize and track your remediation efforts.
