Open Source Code Scanning
In today's "copy and paste" world, development organizations are increasingly relying on software mashups and code reuse to create things faster, better, and cheaper. While the use and reuse of open source and third-party code enables rapid development, it also means it is more important than ever to have visibility and control over the components in your code base.
Companies of all sizes should be able to answer the following questions:
- What open source components are present in your code base?
- What open source licenses and known security vulnerabilities does your code contain?
- Where is open source code being used across your application portfolio?
Quick and easy access to these insights empowers organizations to optimize their use of open source, ensure compliance, discover security vulnerabilities, identify bugs, and correct poor code management practices.
Black Duck offers a range of code scanning and code matching products and services that allow you to:
- Gain visibility into your code base
- Determine code origin
- Track what open source code is used within
- Identify open source
Black Duck Solutions
The Black Duck Hub helps security and development teams identify and remediate open source vulnerabilities across application portfolios. The Hub’s lightweight, open source scanning, tracking, and monitoring solution:
- Identifies open source throughout your code base
- Automatically maps known vulnerabilities to the open source you have in use
- Triages and tracks remediation
- Continuously monitors for newly identified vulnerabilities
As part of Black Duck's leading OSS Logistics solution, Black Duck® Protex™ helps manage open source compliance and integrates seamlessly with existing development tools to automatically scan, discover and identify software origins. Together with the Black Duck® KnowledgeBase™, the industry’s most comprehensive database of open source project information and other downloadable software, Protex provides the industry’s most sophisticated and accurate code scanning solution.
Black Duck Services
Black Duck's software code audit services for internal assessments and M&A due diligence provide all the benefits of our pioneering technology as tailored open source scanning services. Learn more about our various leading open source audit services: