
Knowing where and how your company is using open source software can avoid costly litigation.


Black Duck Protex Automates Open Source Compliance

Open source software is free to use, but it comes with license obligations. Poor open source compliance can expose you to costly, time-consuming risks, including litigation and loss of IP.

Black Duck® Protex™ is the industry’s leading solution for managing open source license compliance. Protex integrates with existing development tools to automatically scan, identify, and inventory open source software, allowing you to understand license obligations, conflicts and risks. This enables you to mitigate these risks by enforcing license compliance and corporate policy requirements.

Are you in control of your open source?

Protex helps you reduce business risks and complete software projects on time and on budget.

Scan software contents

Inventory open source

Identify potential license risks

Streamline open source audits

Black Duck Code Label

The Black Duck Code Label provides a summary of what’s in your code. Using output from a Protex code scan, Code Label tells you what open source you’re using and the license obligations associated with it.

Open source licensing can be complex, but Code Label makes it easy for you to get the information your organization needs:

  • Legal teams can isolate possible license violations and conflicts
  • Developers can drill down to identify problematic components and level of use
  • Governance teams can compare their Code Label against company policies to assess potential conflicts prior to deployment

During M&A due diligence, the Code Label enables verification of code composition prior to commitment.


  • With Protex, it’s much easier to confirm where unintended open source is used in our products, and we’ve significantly reduced the risks of license violations.

    - Nobuko Hattori, Chief Engineer Software Strategy, Olympus

Integration With Existing Development Solutions


Black Duck provides systematic control over the software development process by integrating with your existing IDEs, build and continuous integration (CI) tools, reporting and repository-management systems.


Jenkins Integration

With the Protex Jenkins Plug-in you can configure the Jenkins build to point to an existing Protex project, or to create a new project for the build. The plug-in also initiates a scan of the project code and can be set to "Fail" the build if any pending IDs or license conflicts are found.

TeamCity Integration

With the Protex TeamCity Plug-in, you can initiate a scan of software project code and “fail” the build if any pending IDs or license conflicts are found during the scan. The TeamCity build can point to an existing Protex project or create a new project for the build.

The Most Comprehensive Open Source KnowledgeBase

The Black Duck® KnowledgeBase™ is the industry’s most comprehensive database of open source project information. It includes over ten years' worth of data, more than 1 million software projects from more than 8,500 sites, and detailed data for more than 2,400 unique licenses, including vulnerabilities, full license text and dozens of encoded attributes and obligations for each license. New open source project versions and metadata are continually added to the KnowledgeBase.

Software Development Kit

The SDK extends the capabilities of Protex and enables your development team to tightly integrate with native development tools and processes. The SDK provides a SOAP API that allows you to integrate and automate a broad set of functions in your environment, including:

  • Code scanning and analysis
  • Status reporting
  • Release, approval and sign-off process integration
  • Build-process integration