The Black Duck® open source KnowledgeBase™ is the industry’s most comprehensive database of open source project, license, and security information, covering more than 530 billion lines of open source code from over 9,000 forges and repositories.
2,500 unique open source licenses (GPL, LGPL, Apache, etc.) with full license text and dozens of encoded attributes and obligations for each license.
79,000 known vulnerabilities tracked in the National Vulnerability Database (NVD) and other sources, with remediation guidance and patch information.
2 million open source projects - more than any other solution, with directory and file CodePrints™ that identify open source in your code, even if modified or fragmented.
Deep License Data™ identifies "embedded licenses" to help organizations trust the use of thousands of projects with no declared license. Deep License Data exposes projects with no license data, which are high risk.
With millions of open source projects available globally from thousands of websites and forges, it can be difficult (and sometimes impossible) to effectively track your open source use and manage the application security, software license compliance, and component quality risks that come with it. Black Duck products and services solve this problem, giving development, security, and legal teams maximum visibility and control of open source in their applications and containers. The open source KnowledgeBase is the foundation for Black Duck solutions, providing the industry’s most comprehensive database of open source component, vulnerability, and license information.
Maintained by Black Duck’s Center for Open Source Research & Innovation (COSRI), this open source knowledge base aggregates information for over 2 million open source projects from over 9,000 repositories and forges, including general-purpose forges like GitHub and SourceForge, language-specific repos like RubyGems and PyPI, and individual project sites like MySQL. Black Duck tracks over 79,000 vulnerabilities from multiple sources, including the National Vulnerability Database (NVD), third-party vulnerability intelligence sources, Linux distribution and package manager sites, as well as Black Duck’s own independent security research.
No other solution gives you more visibility and control of your open source than Black Duck.