Over 2000 organizations worldwide trust Black Duck to secure
and manage open source software in their applications and containers.

open source management and security solutions

Open Source
Security

Find, fix and manage
open source vulnerabilities

open source license compliance

Open Source
Compliance

Identify and comply with
open source licenses

open source audit services

Open Source
Audits

Get fast and accurate analysis
from Black Duck experts

Inventory

Open Source Software

Map

Known Security Vulnerabilities

Identify

License & Quality Risks

Manage

Open Source Risk Policies

Alert

On New Security Threats

Complete Visibility. Automated Control.

Black Duck's multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source component, vulnerability, and license information, enable you to research open source projects, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.

Learn More About Black Duck Products

  • Our information security group now has a significantly easier way to determine which artifacts and versions are affected by any security vulnerability and which applications are impacted as a result. This capability did not exist before, so this is huge.

    - Kostas Gaitanos , Senior Director of Development Services, FINRA

  • We connected with Black Duck several months before our IPO because our investors, our board and our management team felt it was important – critical, in fact – to understand the health of our source code in terms of security, quality and licensing.

    - Danielle Sheer, Vice President, General Counsel and Corporate Secretary, Carbonite

  • Black Duck stands in a class of its own. From a return on investment standpoint, given the breadth of information we receive from the system and the ease of use, versus our expenditure, we find it to be a great investment. Life for us would be very difficult without Black Duck.

    - Igor Lekht, Sr. Vice President AxiomSL
Application Security Buyer's Guide
Guides & Tutorials

Application Security Buyer's Guide
2017 Open Source Security and Risk Analysis
Reports & Analysis

2017 Open Source Security and Risk Analysis
Forrester Wave: Software Composition Analysis
Reports & Analysis

Forrester Wave: Software Composition Analysis

Events

09.26.17
Structure Security
City: San Francisco
10.03.17
Red Hat Forum UK 
City: London, United Kingdom
10.09.17
Jax London
City: London, United Kingdom
See all Events

Webinars

09.28.17
Blockchain & Open Source: Hype or Potential Game Changer?
10.05.17
Behind the Equifax Breach: A Deep Dive Into Apache Struts CVE-2017-5638
10.26.17
The Basics of Open Source Security
See all Webinars

Press Releases

09.21.17
Black Duck Releases Threat Check for Struts; Free-Use Tool Allows Organizations Worldwide to Auto-Detect Equifax Vulnerability
09.13.17
Black Duck CEO Lou Shipley Moderating at Massachusetts Cybersecurity Forum
08.17.17
Black Duck Streamlines DevSecOps with New Hub Detect Capability
See all Press Releases
Follow us online