Automate Open Source Governance and Compliance
Whether your organization is proactively using open source, looking for more control and visibility of open source in your code base or wants to audit code from suppliers, the Black Duck® Suite helps maximize the benefits of open source while managing the associated legal, operational and security risks. The Suite automates open source governance and compliance, plus continually monitors for security vulnerabilities enabling development organizations to fully realize the power of open source technologies and methods to achieve business objectives faster.
A comprehensive, automated approach to governance and compliance that integrates across the application development lifecycle is critical. The Suite automates key processes including: code acquisition, approval, scanning, validation, cataloging and monitoring. It is highly scalable and can support development teams of any size, whether co-located or geographically distributed, and can be deployed on premises or as software as a service (SaaS).
Deep License Data™ goes beyond the top-level declared license of an open source project, providing up-front visibility into embedded licenses – those licenses that exist within projects and are not readily identifiable – which are often carried over when code from other projects are included. Deep License Data helps organizations:
- Know exactly what license information exists in a component before it enters your code stream.
- Make more informed decisions up-front during component selection and approval processes, reducing license-related issues or rework later in the SDLC.
- Expand the potential pool of open source projects to choose from by offering visibility into projects with no declared license.
- Automated governance with a customizable approval workflow to reinforce your organization’s policies and procedures
- Automated compliance with code scanning and auditing to discover and control unknown or unapproved software
- Automated open source security vulnerability identification and monitoring
- A catalog for open source, commercial and internally-developed software that allows developers to easily find, track and reuse approved code
- Comprehensive code search to help developers find and choose components, tapping the Black Duck® KnowledgeBase™ as well as a client’s internal catalog
- A tool integration framework that is repository-neutral, including easy integration with issue tracking and build systems, software configuration management systems (CMS) and tools
To learn more about how the Black Duck Suite can help your organization maximize the power of open source, contact us at firstname.lastname@example.org.