Product

About the Black Duck

Black Duck, now a key part of Synopsys' Software Integrity Group, is a leading software composition analysis (SCA) solution. It helps organizations manage security, license compliance, and quality risks associated with the pervasive use of open-source software and other third-party components in their applications and containers. Black Duck provides unmatched visibility into third-party code throughout the software supply chain and application lifecycle. Key features include automated identification of open-source components, detection of known security vulnerabilities (with detailed remediation guidance), identification of open-source license risks, and generation of comprehensive Software Bill of Materials (SBOMs). It integrates deeply into development workflows and CI/CD pipelines to enable "shift-left" security, allowing developers to find and fix issues quickly.