Black Duck KnowledgeBase
Comprehensive Database of Open Source Metadata
The Black Duck® KnowledgeBase™ is the industry’s most comprehensive database of open source project and security information. Since 2003, Black Duck has searched the Internet for information on open source and downloadable code, making the KnowledgeBase an integral and unique asset that differentiates our products and services.
Black Duck products leverage the KnowledgeBase for:
- Deep License Data™ that identifies "embedded licenses" to help organizations trust the use of thousands of projects with no declared license. Deep License Data also exposes those projects with no license data, which are generally determined to carry a high risk profile.
- Code search, scanning and analysis
- Ongoing, automated license compatibility notification
- Comparing software in any code base to the known universe of open source code, and reporting matches
- Cataloging hard data that documents the code origin
The KnowledgeBase helps developers find code and components, and includes information on 1.1 million projects from over 8,500 sites, and contains detailed data on more than 69,000 vulnerabilities across more than 350 billion lines of code. The KnowledgeBase includes information on more than 2,400 unique software licenses (GPL, LGPL, Apache, etc.), including the full license text and dozens of encoded attributes and obligations for each license. It is continuously updated with thousands of new projects on a regular basis, and because it contains code and components from various sources, some of which have disappeared over the years, it is nearly impossible to replicate the data.
Black Duck employs a team of developers, affectionately referred to as “spiders,” dedicated to maintaining the KnowledgeBase, along with supporting the technology infrastructure and processes that have been developed over the course of many years.
- Extensive licensing information
- Security vulnerability data
- Compares code fragments, source files, fully-formed components and binary files including executable files, static or dynamic libraries, images, icons, sound files, font files, logo files and archive files
- Custom code printing allows you to add internally developed or third-party licensed code for future comparative analysis
- Quickly find and identify encryption software within products to automatically determine the applicable export rules for the "crypto" elements
To learn more about how Black Duck can help your organization maximize the power of open source through mastery of OSS logistics, contact us at email@example.com.