Black Duck Releases Free Vulnerability Plugin for Open Source Software

Free Jenkins plugin empowers developers to rapidly identify known open source security vulnerabilities

BURLINGTON, Mass. -- (BUSINESS WIRE) -- Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the release of the free Black Duck Vulnerability Plugin for Jenkins. The new plugin extracts dependency data from the Jenkins build and automates the discovery of open source software used within projects while detecting known security vulnerabilities.

According to the National Vulnerability Database, more than 4,000 new vulnerabilities are reported in open source software each year, and thousands of these known vulnerabilities go unnoticed within a typical enterprise. By leveraging Black Duck’s KnowledgeBase, the new free plugin streamlines the usually tedious process of identifying open source components to instantly provide OSS vulnerability and license data on more than one million open source projects. Identifying the vulnerabilities within each build means mitigating risks early in the software development cycle.

“Continuous delivery increases the frequency of everything in the software development workflow and vulnerability detection is no exception,” said Jenkins Founder and CloudBees CTO Kohsuke Kawaguchi. “The Black Duck Vulnerability Plugin for Jenkins finds vulnerabilities early in the software development lifecycle, thereby accelerating the delivery of better quality code.”

“Black Duck offers developers and build engineers immediate visibility into vulnerabilities found in their open source software,” said Bill Ledingham, Chief Technology Officer and EVP of Engineering, Black Duck Software. “With this powerful data, teams can now focus on remediating their open source code before deploying to production.”

Black Duck’s OSS Vulnerability Plugin also generates an easy-to-share .PDF report enabling development teams to work together with security teams. The plugin is free and runs for an unlimited amount of time.

To download the Jenkins plugin, click here.

About Black Duck Software

Black Duck Software is the leading OSS Logistics solution provider, enabling enterprises of every size to securely manage open source code in the development of internal and external applications, and across the software supply chain. Black Duck solutions allow customers to optimize the opportunities that come with open source adoption and management. As part of the greater open source community, Black Duck connects developers to comprehensive open source software (OSS) resources through The Black Duck Open Hub (formerly Ohloh) and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck is headquartered in Boston and has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity, and improved efficiency, visit and follow the company at @black_duck_sw.



PAN Communications
Katelyn Campbell, 617-502-4300