Black Duck Open Source Knowledge Base

Black Duck Knowledge Base

The World's Most Comprehensive Open Source Knowledge Base 

With millions of open source projects available globally from thousands of websites and forges, it can be difficult (and sometimes impossible) to effectively track your open source use and manage the security, compliance, and component quality risks that come with it. Black Duck products and services solve this problem, giving development, security, and legal teams maximum visibility and control of open source in their applications and containers. Black Duck's Open Source Knowledge Base is the foundation for Black Duck solutions, providing the industry’s most comprehensive database of open source component, vulnerability, and license information.

Maintained by Black Duck’s Center for Open Source Research & Innovation (COSRI), the Open Source Knowledge Base aggregates information for over 2 million open source projects from over 9,000 repositories and forges, including general-purpose forges like GitHub and SourceForge, language-specific repos like RubyGems and PyPI, and individual project sites like MySQL. Black Duck tracks over 79,000 vulnerabilities from multiple sources, including the National Vulnerability Database (NVD), third-party vulnerability intelligence sources, Linux distribution and package manager sites, as well as Black Duck’s own independent security research.

No other solution gives you more visibility and control of your open source than Black Duck.

Broadest Coverage

  • 2+ million open source projects
  • 530+ billion lines of code
  • 9,000+ forges and repositories
  • 70+ programming languages
  • 79,000+ vulnerabilities
  • 2,500+ software licenses

Deepest Insights

  • 30% more tracked vulnerabilities than NVD alone
  • Earlier (up to 3 weeks) notification of new vulnerabilities
  • Enhanced remediation guidance not contained in NVD
  • Full license text, obligation, and compatibility information
  • Deep License Data™ identifies "embedded licenses" and higher risk "no license" projects
  • Component selection insights (community size, activity, version history)

Most Accurate & Up-to-Date

  • CodePrints™ of component code ensures accurate identification
  • Hourly vulnerability and component data updates
  • Continuous monitoring of all major global repositories
  • Maintained and validated by a dedicated research team