Try our new research platform with insights from 80,000+ expert users
Black Duck Logo

Black Duck pros and cons

Vendor: Black Duck
3.8 out of 5
Badge Ranked 1
637 followers
Start review

Pros & Cons summary

Black Duck enhances software development with its Docker binary file scanner, offering instant vulnerability updates and accurate dependency identification. Its comprehensive management system aids in license management and vulnerability forecasting. Automated code scanning and tool integration boost compliance. However, limitations in integration with platforms like IntelliJ IDEA and scanning size exist. It's a cloud-only solution with security concerns, high pricing, and inconsistent scan results, requiring improvement in speed for DevSecOps environments.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Black Duck's vulnerability scanning is valued for its ease of use and up-to-date identification of new vulnerabilities.
The automated code scanning and integration with development tools enhance software compliance and audit readiness.
The knowledge base and management system are key features, providing a robust environment for identifying license issues and security vulnerabilities.
The composition analysis effectively manages security risk and identifies dependencies accurately.
Installation and stability of Black Duck are consistently praised by users.

CONS

There is a lack of integration with other solutions, such as IntelliJ IDEA, and native integration with Coverity is required.
Black Duck operates as a cloud-only service, necessitating code upload to the cloud, which is a drawback compared to modern solutions that do not require code submission.
Scanning speed needs improvement, as it is time-consuming and not ideal when integrated with live DevSecOps pipelines.
Pricing is higher compared to competitors and is a concern due to infrequent scanning needs.
Improvements are needed in areas such as false positives, scanning of containers, and SBOM management capabilities.
 

Black Duck Pros review quotes

TO
May 28, 2019
It highlights what the developers have done, and it shows the impact from an intellectual property point of view.
Read full review
ZR
Jan 15, 2020
I like the fact that the product auto analyzes components.
Read full review
reviewer1472997 - PeerSpot reviewer
Dec 15, 2020
The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.
Read full review
Buyer's Guide
Black Duck
May 2025
Free Report: Black Duck Reviews and More
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
DOWNLOAD NOW
851,604 professionals have used our research since 2012.
reviewer2587080 - PeerSpot reviewer
May 16, 2025
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
Read full review
Sagar Mody - PeerSpot reviewer
Apr 12, 2024
We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.
Read full review
Alina-Eugenia Negulescu - PeerSpot reviewer
Aug 25, 2023
Policy management is a valuable feature.
Read full review
Aaron P - PeerSpot reviewer
Sep 15, 2023
The UI is the solution's most valuable feature since it allows for easy pipeline integration.
Read full review
reviewer1421445 - PeerSpot reviewer
Sep 27, 2020
The solution works well on Mac products.
Read full review
reviewer1361340 - PeerSpot reviewer
Apr 19, 2024
The cloud option of the product is always available and a positive aspect of the solution.
Read full review
reviewer1361340 - PeerSpot reviewer
Jun 7, 2020
The stability is okay.
Read full review
Show 10 more reviews (out of 22)
 

Black Duck Cons review quotes

TO
May 28, 2019
I would like to see more integration with other solutions, such as IntelliJ IDEA.
Read full review
ZR
Jan 15, 2020
The scanner client is limited by the size of software it can handle.
Read full review
reviewer1472997 - PeerSpot reviewer
Dec 15, 2020
It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports.
Read full review
Buyer's Guide
Black Duck
May 2025
Free Report: Black Duck Reviews and More
Learn what your peers think about Black Duck. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
DOWNLOAD NOW
851,604 professionals have used our research since 2012.
reviewer2587080 - PeerSpot reviewer
May 16, 2025
The initial setup of Black Duck is complex. It's not very straightforward. You need a lot of support and hand-holding from the Black Duck team itself for it to be deployed successfully across the organization.
Read full review
Sagar Mody - PeerSpot reviewer
Apr 12, 2024
It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.
Read full review
Alina-Eugenia Negulescu - PeerSpot reviewer
Aug 25, 2023
The documentation is quite scattered.
Read full review
Aaron P - PeerSpot reviewer
Sep 15, 2023
The solution's pricing model and documentation areas of concern where improvement is needed.
Read full review
reviewer1421445 - PeerSpot reviewer
Sep 27, 2020
We're not too sure about the extension of the firewall. It never shows up in the Hub.
Read full review
reviewer1361340 - PeerSpot reviewer
Apr 19, 2024
The tool's documentation and support are areas of concern where improvements are required.
Read full review
reviewer1361340 - PeerSpot reviewer
Jun 7, 2020
It needs to be more user-friendly for developers and in general, to ensure compliance.
Read full review
Show 10 more reviews (out of 22)

Product Categories

Product Categories
Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons
GitLab vs Black Duck Logo
GitLab vs Black Duck
Snyk vs Black Duck Logo
Snyk vs Black Duck
Veracode vs Black Duck Logo
Veracode vs Black Duck
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Sonatype Lifecycle vs Black Duck Logo
Sonatype Lifecycle vs Black Duck
Semgrep vs Black Duck Logo
Semgrep vs Black Duck
FOSSA vs Black Duck Logo
FOSSA vs Black Duck
Polaris Software Integrity Platform vs Black Duck Logo
Polaris Software Integrity Platform vs Black Duck
CAST Highlight vs Black Duck Logo
CAST Highlight vs Black Duck
ReversingLabs vs Black Duck Logo
ReversingLabs vs Black Duck
Apiiro vs Black Duck Logo
Apiiro vs Black Duck
Checkmarx Software Composition Analysis vs Black Duck Logo
Checkmarx Software Composition Analysis vs Black Duck
Cycode vs Black Duck Logo
Cycode vs Black Duck
Sonatype Repository Firewall vs Black Duck Logo
Sonatype Repository Firewall vs Black Duck
See all alternatives

Product Categories

Product Categories
Software Composition Analysis (SCA)

Popular Comparisons

Popular Comparisons
GitLab vs Black Duck Logo
GitLab vs Black Duck
Snyk vs Black Duck Logo
Snyk vs Black Duck
Veracode vs Black Duck Logo
Veracode vs Black Duck
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Sonatype Lifecycle vs Black Duck Logo
Sonatype Lifecycle vs Black Duck
Semgrep vs Black Duck Logo
Semgrep vs Black Duck
FOSSA vs Black Duck Logo
FOSSA vs Black Duck
Polaris Software Integrity Platform vs Black Duck Logo
Polaris Software Integrity Platform vs Black Duck
CAST Highlight vs Black Duck Logo
CAST Highlight vs Black Duck
ReversingLabs vs Black Duck Logo
ReversingLabs vs Black Duck
Apiiro vs Black Duck Logo
Apiiro vs Black Duck
Checkmarx Software Composition Analysis vs Black Duck Logo
Checkmarx Software Composition Analysis vs Black Duck
Cycode vs Black Duck Logo
Cycode vs Black Duck
Sonatype Repository Firewall vs Black Duck Logo
Sonatype Repository Firewall vs Black Duck
See all alternatives
Related questions
  • 383
How does WhiteSource compare with Black Duck?
  • 65
What tools do you rely on for building a DevSecOps pipeline?
  • 52
What alternatives are there for Fortify WebInspect and Fortify SCA?
  • 49
What is the best way to track open-source license compatibility?
  • 66
How long does SCA scanning take?
  • 133
Why is Software Composition Analysis (SCA) important for companies?
  • 102
Differences between Black Duck & Veracode
  • 17
What SCA solution do you recommend?
  • 11
Is there an SCA solution that finds and fixes vulnerabilities?
  • 18
Can I get SCA in my IDE?