
Pros & Cons summary


Prominent pros & cons

PROS

Black Duck SCA provides a comprehensive knowledge base, management system, and impressive vulnerability scanning capabilities, effectively integrating with Mac products and ensuring up-to-date reference points for all vulnerabilities.
It excels in automated code scanning, integrating seamlessly with development tools, enhancing software compliance processes, and improving audit readiness.
The software's extensive scan reserves and vulnerability exposures, together with its ability to drill down to source levels, greatly support security risk management.
Its sophisticated policy management and automated component analysis significantly aid in identifying and mitigating risks, especially with dependencies.
Installation and cloud availability are both reported as easy and consistently positive, contributing to overall effective security risk management.

CONS

SBOMs generated from Black Duck SCA may be incomplete, and vulnerabilities verified post-generation can be incorrect or missing.
Integration with other tools, such as IntelliJ IDEA, is limited.
The initial setup is complex and requires considerable support from the Black Duck team to deploy successfully across an organization.
There are concerns about the pricing model; it is considered high compared to competitor products.
Black Duck SCA lacks SBOM management capabilities, which users would like to see added.
 

Black Duck SCA Pros review quotes

reviewer2587080 - PeerSpot reviewer
IP Head at a tech services company with 10,001+ employees
May 16, 2025
Black Duck's ability to identify dependencies very accurately has been most valuable in identifying and mitigating risks.
SS
Project Lead at ABB
Mar 18, 2026
The tool is giving a range for a given open-source component in a version and provides a list of vulnerabilities based on the sources with a lot of information.
reviewer1610562 - PeerSpot reviewer
Director at a healthcare company with 10,001+ employees
Nov 11, 2024
The software composition analysis is most effective for security risk management.
Learn what your peers think about Black Duck SCA. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
893,244 professionals have used our research since 2012.
reviewer1610562 - PeerSpot reviewer
Director at a healthcare company with 10,001+ employees
Apr 4, 2025
The most valuable feature of Black Duck is the composition analysis feature, which is effective for security risk management.
Aaron P - PeerSpot reviewer
DevOps Engineer at a manufacturing company with 1,001-5,000 employees
Sep 15, 2023
The UI is the solution's most valuable feature since it allows for easy pipeline integration.
Saravanan_Radhakrishnan - PeerSpot reviewer
Senior Manager at Happiest Minds Technologies
Mar 5, 2024
The product enables other applications to be secure.
Sagar Mody - PeerSpot reviewer
Solutions Architect at a tech services company with 10,001+ employees
Apr 12, 2024
We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it.
DH
Project Manager at a manufacturing company with 11-50 employees
Apr 19, 2024
The most valuable feature for me in Black Duck is its ability to scan binary files effectively.
SS
Project Lead at ABB
Apr 19, 2024
The cloud option of the product is always available and a positive aspect of the solution.
Alina-Eugenia Negulescu - PeerSpot reviewer
Head of Procurement and Vendor Manager at twoday
Aug 25, 2023
Policy management is a valuable feature.
 

Black Duck SCA Cons review quotes

reviewer2587080 - PeerSpot reviewer
IP Head at a tech services company with 10,001+ employees
May 16, 2025
The initial setup of Black Duck is complex. It's not very straightforward. You need a lot of support and hand-holding from the Black Duck team itself for it to be deployed successfully across the organization.
SS
Project Lead at ABB
Mar 18, 2026
The SBOMs that are being generated from Black Duck SCA are sometimes not fully complete, and the vulnerabilities that are being verified after generating this SBOM seem to be incorrect or missing.
reviewer1610562 - PeerSpot reviewer
Director at a healthcare company with 10,001+ employees
Nov 11, 2024
There are areas for improvement such as false positives and the scanning of containers.
reviewer1610562 - PeerSpot reviewer
Director at a healthcare company with 10,001+ employees
Apr 4, 2025
Black Duck does not have the SBOM management part. I would like to see this feature added in the future.
Aaron P - PeerSpot reviewer
DevOps Engineer at a manufacturing company with 1,001-5,000 employees
Sep 15, 2023
The solution's pricing model and documentation are areas of concern where improvement is needed.
Saravanan_Radhakrishnan - PeerSpot reviewer
Senior Manager at Happiest Minds Technologies
Mar 5, 2024
The solution must provide more open APIs.
Sagar Mody - PeerSpot reviewer
Solutions Architect at a tech services company with 10,001+ employees
Apr 12, 2024
It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow.
DH
Project Manager at a manufacturing company with 11-50 employees
Apr 19, 2024
I would like to see improvements in Black Duck's reporting capabilities.
SS
Project Lead at ABB
Apr 19, 2024
The tool's documentation and support are areas of concern where improvements are required.
Alina-Eugenia Negulescu - PeerSpot reviewer
Head of Procurement and Vendor Manager at twoday
Aug 25, 2023
The documentation is quite scattered.