Open Source makes its way into your software through many channels and it’s important to manage open source risks throughout your software development lifecycle and beyond. Black Duck integrations with JFrog allow you leverage Black Duck’s industry leading open source vulnerability management capabilities as part of your JFrog deployment.
With multiple integrations supporting both Artifactory and Xray, you have the power of two best-of-breed solutions with the flexibility to deploy them in a wide range of configurations.
Black Duck plugin for Artifactory scans the binary repository to ensure the code artifacts being used comply with open source use policies and are free from known vulnerabilities. Black Duck scans artifacts already in the repository and will also scan any artifacts being added to prevent vulnerable components from entering or propagating in application code.
Black Duck also integrates with Xray. Xray scans your Artifactory repository. When integrated with Black Duck, it queries the Black Duck KnowledgeBase™ directly for open source vulnerability and license information on specific artifacts.
By scanning open source components in the repository, development teams can attack vulnerabilities earlier in the SDLC, saving time and money on remediation processes. In addition, Black Duck's vulnerability & policy monitoring will alert you on any new security risks or policies that affect artifacts in the repository.