Black Duck Suite
Automate Open Source Governance, Compliance,
Need more visibility into and control over the open source software (OSS) in your organization?
An automated approach to open source governance and compliance that integrates across your application development lifecycle is critical.
The Black Duck® Suite, our end-to-end OSS Logistics solution, enables enterprises of every size to manage how they acquire, approve, scan, monitor, secure, inventory, and deliver software with open source components.
The Black Duck Suite automates open source governance and compliance, while continually monitoring for security vulnerabilities to enable organizations to speed innovative development, reduce costs, and ensure application security.
Black Duck Suite Features
Legal Compliance and Governance
- Scan and match open source components in your software
- Flag license risk and license conflicts
- Discover and control unknown, outdated or unapproved components
- Create customizable approval workflow to reinforce your organization's policies and procedures
- Open source security vulnerability identification and monitoring
- Remediation tracking with rollup data from component to application level
- Vulnerability reports, dashboard risk profile and automated notifications highlight applications that are most vulnerable
Code Catalog And Search
- Catalog for open source, commercial and internally-developed software that allows developers to easily find, track, and reuse approved code
- Help developers find and choose components, tapping the Black Duck KnowledgeBase, as well as your internal catalog, with comprehensive component search capabilities
The Black Duck Suite provides seamless integration with your existing development ecosystem:
- Integrated Development Environments (IDEs)
- Build and Continuous Integration (CI) Tools
- Reporting Systems
- Binary Repository Management Systems
- Issue Tracking Systems
The Most Comprehensive Open Source KnowledgeBase
The Black Duck® KnowledgeBase™ is the industry’s most comprehensive database of open source project information. The Black Duck KB includes over ten years' worth of data, more than 1 million software projects from more than 8,500 sites, and detailed data for more than 2,400 unique licenses, including vulnerabilities, full license text and dozens of encoded attributes and obligations for each license. New open source project versions and metadata are continually added to the KnowledgeBase.
EXPERIENCE THE POWER OF DEEP LICENSE DATA
Deep License Data™ goes beyond the top-level declared license of an open source project, providing up-front visibility into embedded licenses – those licenses that exist within projects, are not readily identifiable, and are often carried over when code from other projects is included.
- Know exactly what license information exists in a component before it enters your code stream
- Make more informed decisions during component selection and approval, reducing license-related issues or rework later in the software development lifecycle
- Expand the potential pool of open source projects to choose from by offering visibility into projects with no declared license