Black Duck Open Source Knowledge Base

Comprehensive Database of Open Source Metadata

The Black Duck® open source Knowledge Base™ is the industry’s most comprehensive database of open source project and security information. Since 2003, Black Duck has searched the Internet for information on open source and downloadable code, making the Knowledge Base an integral and unique asset that differentiates our products and services.

Black Duck products leverage the Knowledge Base for:

  • Deep License Data™ that identifies "embedded licenses" to help organizations trust the use of thousands of projects with no declared license. Deep License Data also exposes those projects with no license data, which are generally determined to carry a high risk profile.
  • Code search, scanning and analysis
  • Ongoing, automated license compatibility notification
  • Comparing software in any code base to the known universe of open source code, and reporting matches
  • Cataloging hard data that documents the code origin

The open source Knowledge Base helps developers find code and components. It includes information on 1.1 million projects from over 8,500 sites and contains detailed data on more than 69,000 vulnerabilities across more than 350 billion lines of code. The Knowledge Base also includes information on more than 2,400 unique software licenses (GPL, LGPL, Apache, etc.), including the full license text and dozens of encoded attributes and obligations for each license. It is continuously updated with thousands of new projects, and because it contains code and components from various sources, some of which have disappeared over the years, it is nearly impossible to replicate the data.

Black Duck employs a team of developers, affectionately referred to as “spiders,” dedicated to maintaining the open source Knowledge Base, along with supporting the technology infrastructure and processes that have been developed over the course of many years.




  • Extensive licensing information
  • Security vulnerability data
  • Compares code fragments, source files, fully-formed components and binary files including executable files, static or dynamic libraries, images, icons, sound files, font files, logo files and archive files
  • Custom code printing allows you to add internally developed or third-party licensed code for future comparative analysis

To learn more about how Black Duck can help your organization maximize the power of open source through mastery of OSS logistics, contact us at