Black Duck

Synopsys, Inc. | 2022.7.0

Linux/Unix, CentOS 7.9.2009 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

24 reviews
from G2

External reviews are not included in the AWS star rating for the product.


    Pratik H.

Legal and Operational risks management tool.

  • January 17, 2022
  • Review provided by G2

What do you like best?
It has impressive features for both legal & security 3rd party software compliance. UI is easy to understand. It helps us to analyze the code in a timely and accurate manner.
What do you dislike?
According to me it has all the features required. It is fast and easy to use.
What problems is the product solving and how is that benefiting you?
The support team is always available to resolve the problem if any. Rest it helps us to know what's in your code and analyze your code in a timely and accurate manner.


    Ali s.

Good security, Stable and feature rich.

  • November 23, 2021
  • Review provided by G2

What do you like best?
Black Duck software composition analysis works amazingly on Mac. It has good security and excellent features that protect and examine our source code from compliance issues.
What do you dislike?
Black duck should add features like packet analysis and binary analysis for better performance.
What problems is the product solving and how is that benefiting you?
We use Black Duck to audit our source code to protect from license and open source compliance. It is easy to use, stable, and well recognized in the industry.


    Information Technology and Services

What's there in your code?

  • November 03, 2021
  • Review provided by G2

What do you like best?
Blackduck is part of Devonshire which provides us automatic scanning. Black duck is not just for devops but also Secops. Blackduck has the most extensive open source KB in the industry
What do you dislike?
I am expecting better governance of teams. I have various teams using the capacity and I need to know which team is using how much. Black duck can come up with tenancy.
What problems is the product solving and how is that benefiting you?
Black duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black duck knowledge base and lists all the vulnerabilities and license issues in the code
Recommendations to others considering the product:
Well suited: Easily come out of pain to manage open source components. No worries, Black Duck is to the rescue, it takes care of your open source components in terms of license and security. Also SecOps eases with the super Black Duck.


Less suited: can't really come up with a scenario, where it can be less suited. Until you stop using open source components in your code, quite impossible


    Shayna A.

SecOps made easy

  • November 02, 2021
  • Review provided by G2

What do you like best?
Quick inventory scan, Security and License risk management, integration for automatic scanning.
What do you dislike?
It is slow, outdated design and is too expensive.
What problems is the product solving and how is that benefiting you?
Black Duck being well established about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.


    Shreyans M.

Benchmark in software composition analysis

  • October 04, 2021
  • Review provided by G2

What do you like best?
One of the top solution providers to help manage security vulnerabilities, code quality, code smells, bugs and compliance risk associated with third-party open source code in an effective way. It supports a wide range of languages, some of which include Java, Cobol, JavaScript, C#, C and C++. This software is the benchmark solution to elevate the continuous inspection element in the CI/CD model.
What do you dislike?
The cost is relatively higher than the other solutions in the market which makes it a difficult choice for organisations
What problems is the product solving and how is that benefiting you?
Having used this software for a few years I have been able to cut down on a substantial amount of rework by detecting and analysing vulnerabilities before leveraging any open source code. With the timely upgradation of this software it becomes easy to stay updated in terms of the handling newer type of vulnerabilities introduced in the market


    SAILEE J.

Need of today’s market

  • October 04, 2021
  • Review provided by G2

What do you like best?
Black duck is certainly an industry leader in open source scanning primarily due to the fact that it is simpler to use and hence eliminate majority open source vulnerabilities and bugs and licensing issues. Should there be any enhancement request Blackduck is fairly adaptive and responsive towards implementing the same.
What do you dislike?
The reporting could be enhanced as it does not provide the output the way one would expect it to be owing to which, it adds additional overhead to present the result in a better way
What problems is the product solving and how is that benefiting you?
It is very quick and responsive I remember including us small sized code from a random source and Blackduck immediately identified it


    Computer & Network Security

Black Duck SCA tool for vulnerabilities

  • September 14, 2021
  • Review provided by G2

What do you like best?
Custom policies, IDE integration during the development life cycle. Jira tickets are being created for the issues.
What do you dislike?
Don't have any suggestion here which I have not liked so far.
What problems is the product solving and how is that benefiting you?
It was part of the CI/CD pipeline to detect and create the Jira issues for corresponding vulnerabilities.
Recommendations to others considering the product:
It was part of the CI/CD pipeline to detect and create the Jira issues for corresponding vulnerabilities.


    Utilities

The report is crisp and easy for deciding actionables

  • September 11, 2021
  • Review provided by G2

What do you like best?
The report is crisp and easy for deciding actionables.
What do you dislike?
Documentation could be better for implementation.
What problems is the product solving and how is that benefiting you?
Able to find out the vulnerabilities and keep my systems secure & compliant.


    Computer Software

Black Duck is an excellent and reliable software to detect vulnerabilities and security risks.

  • September 07, 2021
  • Review provided by G2

What do you like best?
Black Duck serves as a good platform to identify third party software risk factors. It can be easily integrated as part of CI/CD tools to scan security, license risk etc. It shows the exact breakup of all the risky components of the binaries.
What do you dislike?
It's very strict in compliance check so during upgradation of third party software it is difficult to ignore some of the risks. But that shows how efficient Black Duck software is. Also, using open source software creates license risks.
What problems is the product solving and how is that benefiting you?
Using Black Duck for binary scans as a part of DevOps activity to ensure the security and operation risk compliance that has helped to manage the risks and triage vulnerabilities in the software.


    Computer Software

Very basic UI

  • September 29, 2019
  • Review provided by G2

What do you like best?
Comprehensive analysis. It does a good job finding everything.
What do you dislike?
The output sucks, there's no comprehensive reports or nice UI or anything. It's all very basic/raw. They expect you to take all that raw information and make your own "pretty" reports with it, they have no product that can do that nor do they have any recommendations on 3rd party vendors that will do it.
What problems is the product solving and how is that benefiting you?
Finding any open source being used either directly or indirectly (i.e. through libraries or libraries of libraries) and all licenses that are being used.