Black Duck and IBM Security AppScan

Managing Open Source Application Security Risks

Thousands of new open source security vulnerabilities are reported each year. 98% of organizations are using more open source in their applications than they know about, leaving them exposed to vulnerabilities such as Heartbleed, Shellshock, Ghost and Venom.

By integrating Black Duck Hub with IBM Security AppScan, organizations can identify known open source vulnerabilities, remediate them, and control application security risks across both custom-developed and open source code. Together, Black Duck and IBM deliver comprehensive application visibility and remediation capabilities for identified security vulnerabilities. Black Duck Hub is a “Ready for IBM Security Intelligence” validated solution.

Key features available to IBM AppScan customers from Black Duck include:

  • Identification and Inventorying of Open Source: Rapid scanning and identification of open source libraries, versions, licenses, and community activity using the Black Duck® KnowledgeBase, the industry’s most complete database for open source
  • Comprehensive Assessment of Open Source Risks: Map known security vulnerabilities to the open source in use, identify the severity of each vulnerability, and explore remediation options
  • Remediation Orchestration and Policy Enforcement: Prioritization of open source vulnerability remediation and mitigation guidance
  • Continuous Monitoring for New Security Vulnerabilities: Ongoing monitoring and alerting on newly reported open source security vulnerabilities