Automate Open Source Governance
Black Duck® Code Center™ is the leading platform for OSS Logistics governance, helping organizations leverage the power of open source technologies and methods. Developers know that using readily available open source code, along with third-party and internal code, provides a major productivity boost. However, if not managed properly, mixing code from multiple sources can introduce significant legal, operational and security risks.
Robust software development policies and procedures must be in place in order to mitigate risks, but without automation tools, rules and regulations can bog developers down and prevent them from doing what they do best: producing high-quality software.
Code Center supports an enterprise-wide framework that allows corporate decision makers to collaborate seamlessly while managing software development policies. As part of the Black Duck® Suite, Code Center automates key governance processes such as:
- Searching for and selecting open source software (OSS)
- Obtaining approval for code use
- Cataloging components for reuse and standardization
- Comprehensive component metadata, including license information and security vulnerabilities, through leveraging the Black Duck® KnowledgeBase
Additionally, it provides developers with unprecedented visibility into component availability and desirability. Code Center is highly scalable and can support development teams of any size, whether co-located or geographically distributed, and can be deployed on premises or as software as a service (SaaS).
- Daily security alerts provide actionable information to help keep components secure
- Security vulnerability tuning leverages low, medium and high security ratings and enables companies to set policies and automate component approvals based on the severity of vulnerabilities
- Configurable and automated approval workflow
- Deep License Data™ uncovers all license information, not just the declared license, enabling developers to make more informed component choices early in the SDLC
- Catalog of approved components allows you to track where components are used in other applications and encourages standardization and reuse
- Component data includes associated metadata from Ohloh.net, enabling more informed component choices, including the ability to analyze component risk factors
Code Center is also available as part of the Black Duck Suite, a comprehensive, automated oss logistical approach to governance and compliance that integrates across the application development lifecycle.
To learn more about how Code Center can help your organization maximize the power of open source through mastery of oss logistics, contact