Black Duck® Suite™

The Black Duck® Suite is an advanced enterprise-class solution to the unique management, compliance and security challenges associated with open source. It brings together the Black Duck Code Center, Export and Protex products into a unified framework. Code Center supports the front-end of the development process where developers search for and select open source components, as well as the ongoing monitoring of the components in use. Protex and Export are used on the back end of the process when code needs to be validated before it is deployed. The foundation of the Black Duck Suite is the Black Duck KnowledgeBase. Each of the Black Duck products is a modular component that fits into the KnowledgeBase and Suite framework and can be configured to meet individual needs and requirements.


Catalog

The Catalog is the local database of component usage within an enterprise. It reflects components that have gone through an automated Approval process and have been approved, rejected, or are in-process. It also tracks where components are being used. When developers Search for and Select components, the catalog may be searched in parallel with the KnowledgeBase in order to encourage the usage of components that are already in use in the organization and decrease component (and version) proliferation. Catalog components can come from the KnowledgeBase or be created locally to represent other software that might be incorporated in an application.

The Catalog enables the Monitoring of components already in use. When a KnowledgeBase update arrives, it is mapped against the list of components and this information is used to generate alerts based on component usage. For example, if 3 out of 500 applications in the organization are using a particular version of Apache Tomcat, and that particular version of Tomcat is discovered to have a security vulnerability, email alerts can be generated for the internal owners for the 3 relevant applications.

Approval Workflow

The approval workflow enables a customized Approval process, dependent on an organization's structure and policies. Developers, using new enhanced automation for approval requests, submit components and approval criteria to approval boards, which may approve, reject, approve with restrictions, or request more information. Information pertaining to the approval process is captured in the catalog, making it easier for developers to view pending requests, past requests and approvals, as well as requests from other users.

Validation Engines

The validation engines scan source code and binary files to discover unknown and unapproved software, automatically comparing the scanned code base to the known universe of open source code in the KnowledgeBase. A new configurable automation framework for discovering and identifying FOSS and other code leverages the breadth and depth of Black Duck’s KnowledgeBase and multiple sophisticated matching techniques. The analysis that compares the actual components found with the approved component list is referred to as Validation.

Bill of Materials

The Bill of Materials, the list of components in an application or product, is used for validation. The approved Bill of Materials is the aggregation of all of the components for an application that have gone through the approval process. The actual Bill of Materials is the aggregation of all of the components for an application that have been found through validation. A compliant application will have approved and actual Bills of Material that are the same. Mismatches indicate either unapproved code in an application’s code base, or missing components.
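The approved-versus-actual comparison described above, together with the per-version alert routing from the Catalog section, as an added example (not Black Duck code). The function names, the name-to-versions BOM layout and all sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: component name -> set of versions.
APPROVED_BOM = {"apache-tomcat": {"6.0.18"}, "log4j": {"1.2.15"}, "zlib": {"1.2.3"}}
ACTUAL_BOM = {"apache-tomcat": {"6.0.16"}, "log4j": {"1.2.15"}, "libpng": {"1.2.29"}}


def reconcile(approved, actual):
    """Compare approved and actual BOMs; return non-empty findings by category."""
    findings = defaultdict(list)
    for name in sorted(set(approved) | set(actual)):
        want, found = approved.get(name, set()), actual.get(name, set())
        if not want:
            # Found by the scan but never approved.
            findings["unapproved"] += [(name, v) for v in sorted(found)]
        elif not found:
            # Approved but absent from the scanned code base.
            findings["missing"] += [(name, v) for v in sorted(want)]
        else:
            # Same component on both sides: the versions must agree too,
            # because a vulnerability applies to specific versions.
            findings["unapproved_version"] += [(name, v) for v in sorted(found - want)]
            findings["missing_version"] += [(name, v) for v in sorted(want - found)]
    return {k: v for k, v in findings.items() if v}


def is_compliant(approved, actual):
    """Compliant means the approved and actual BOMs are the same."""
    return not reconcile(approved, actual)


def owners_to_alert(app_boms, owners, component, version):
    """Owners of the applications whose actual BOM holds the affected version."""
    return sorted(owners[app] for app, bom in app_boms.items()
                  if version in bom.get(component, set()))


if __name__ == "__main__":
    for category, items in reconcile(APPROVED_BOM, ACTUAL_BOM).items():
        print(category, items)
    apps = {"billing": ACTUAL_BOM, "portal": APPROVED_BOM}  # constructed
    owners = {"billing": "alice@example.com", "portal": "bob@example.com"}
    print(owners_to_alert(apps, owners, "apache-tomcat", "6.0.16"))
```

Comparing component names alone would report the Tomcat entry as compliant; keying on versions is what surfaces the drift and lets an alert reach only the affected application's owner.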

Black Duck Software
8 New England Executive Park, Burlington, MA 01803 • 781.891.5100