Try our new research platform with insights from 80,000+ expert users

Black Duck vs ReversingLabs comparison

Black Duck and ReversingLabs are both solutions in the Software Composition Analysis (SCA) category. Black Duck is ranked #1 with an average rating of 7.3, while ReversingLabs is ranked #11 with an average rating of 10.0. Black Duck holds a 17.8% mindshare in SCA, compared to ReversingLabs’s 0.8% mindshare. Additionally, 85% of Black Duck users are willing to recommend the solution, compared to 100% of ReversingLabs users who would recommend it.
Black Duck
Read 22 Black Duck reviews
  • 12,123 Views
  • 9,941 Comparison Views
85% willing to recommend
ReversingLabs
Read 4 ReversingLabs reviews
  • 1,589 Views
  • 318 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 5, 2024

Black Duck and ReversingLabs compete in the software security sector. Black Duck focuses on open source security, while ReversingLabs emphasizes malware analysis and file security. Black Duck's ease of deployment and support might sway businesses towards it, though ReversingLabs offers a more robust feature set for comprehensive file analysis, appealing to companies that prioritize extensive threat intelligence.

Features: Black Duck includes comprehensive open source monitoring, vulnerability identification, and license management tools. ReversingLabs provides in-depth file analysis, threat intelligence, and static malware analysis with seamless SIEM integration.

Room for Improvement: Black Duck could enhance its automatic analysis accuracy and expand its functionality beyond open source concerns. Improved integration with other security tools could also be beneficial. ReversingLabs needs a more user-friendly interface and simplified deployment process. Full documentation access for complex features would aid usability.

Ease of Deployment and Customer Service: Black Duck's straightforward deployment and robust support make setting up and running hassle-free. While ReversingLabs provides strong service, its deployment requires specialized skills, potentially complicating initial use.

Pricing and ROI: Black Duck offers lower setup costs and strong ROI in open source management, making it attractive for budget-conscious companies. ReversingLabs, despite higher costs, provides value with its advanced file security and threat detection, justifying investment for organizations needing comprehensive analysis capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Black Duck vs. ReversingLabs Report (Updated: July 2025).
Buyer's Guide
Black Duck vs. ReversingLabs
July 2025
Download the complete report
Helped 865,295 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Black Duck
Ranking in Software Composition Analysis (SCA)
1st
Average Rating
7.6
Reviews Sentiment
7.4
Number of Reviews
22
Ranking in other categories
No ranking in other categories
ReversingLabs
Ranking in Software Composition Analysis (SCA)
11th
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Application Security Tools (21st), Anti-Malware Tools (18th), Container Security (31st), Threat Intelligence Platforms (14th), Software Supply Chain Security (12th)
 

Mindshare comparison

As of August 2025, in the Software Composition Analysis (SCA) category, the mindshare of Black Duck is 17.8%, down from 22.5% compared to the previous year. The mindshare of ReversingLabs is 0.8%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
 

Featured Reviews

Aaron P - PeerSpot reviewer
A tool with a great UI to conduct a vulnerability scan that needs to provide better scalability options
The only thing I don't like about the product is that it is quite expensive and it is not very feasible as an open-source platform. One of the other things that I hate about the product stems from my dislike of contacting the support team of Black Duck to know if there are some issues since debugging some issues can be quite difficult. I don't find reliable or feasible documents to help me debug all those issues. The solution's pricing model and documentation areas of concern where improvement is needed. In our company, we get some issues or errors when we run a pipeline, and debugging those errors can be tedious and time-consuming. To minimize the time for debugging errors, I feel that Black Duck needs to add some documentation or something that will make it easy for users to debug the errors instead of seeking help from Black Duck's support team every time. Black Duck can add features, like viewing the vulnerability, to help users figure out the next step if they detect some vulnerability while also providing them some steps to help them follow some remedial steps, along with an explanation of measures to mitigate such issues. Black Duck's UI or server doesn't provide functionality to help users view the vulnerability, which is a process that needs to be automated. The solution's scalability is an area that needs to improve.
Read full review
Jesse Harris - PeerSpot reviewer
Comes with a large sample size and helps t stay on top of emerging threats
The solution helps to stay on top of emerging threats with easy integration with other products.  ReversingLabs has a large sample size.  The solution needs to improve integrations.  I have been using the solution for four to five years.  ReversingLabs' stability is excellent.  I rate the…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it."
"The solution is stable."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"Policy management is a valuable feature."
"The cloud option of the product is always available and a positive aspect of the solution."
"The product enables other applications to be secure."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The automated code scanning feature and Black Duck's integration with our development tools have enhanced our software compliance process and overall audit readiness."
More Black Duck pros
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"ReversingLabs has a large sample size."
"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
 

Cons

"It can be cumbersome to use or invalidate open source software because there is a hold time to check requirements or common regulations to ensure compliance."
"The scanner client is limited by the size of software it can handle."
"It is a cloud-only solution. In many cases, companies like to evaluate the software, but they're very reluctant to give you the software. It would be great if they could offer an on-prem component that could be used to scan the code and then upload the discovery results to the cloud and get all the information from there, but there is no such possibility. You have to upload the code to the Black Duck cloud system. Of course, they have a strong legal department, and they offer some configuration, but it is never enough. You have to give the code, which is a drawback. In modern designs like Snyk or FOSSA, you don't need to give the code. It requires more native integration with Coverity because they go together technically. You need both Coverity and Black Duck Hub. It would be really helpful for companies working in this space to get a combined offer from the same company. They should provide an option to buy Coverity for an additional fee. Coverity combined with Black Duck Hub will provide a one-step analysis to get everything you need and a unified report. It would be really great to be able to connect Black Duck Hub with Coverity unified reports."
"The initial setup of Black Duck is complex. It's not very straightforward. You need a lot of support and hand-holding from the Black Duck team itself for it to be deployed successfully across the organization."
"The solution's pricing model and documentation areas of concern where improvement is needed."
"There are areas for improvement such as false positives and the scanning of containers."
"The initial setup could be simplified. It was somewhat complex."
"Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive."
More Black Duck cons
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
"The solution needs to improve integrations."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
 

Pricing and Cost Advice

"The pricing is a little high."
"The price is low. It's not an expensive solution."
"I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price is quite high because the behavior of the software during the scan is similar to competing products."
"The price charged by Black Duck is exorbitant."
"Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
"It is expensive."
"We have a yearly contract based on the number of queries and malicious programs which can be processed."
"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
865,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
15%
Computer Software Company
13%
Insurance Company
5%
Computer Software Company
16%
Financial Services Firm
13%
Insurance Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
See all answers
What do you like most about Black Duck?
The cloud option of the product is always available and a positive aspect of the solution.
See all answers
What is your experience regarding pricing and costs for Black Duck?
The price charged by Black Duck is exorbitant. For the features provided by the product, I would not want to pay a high price. There are many other products in the market that offer better features...
See all answers
What do you like most about ReversingLabs?
ReversingLabs has a large sample size.
See all answers
What needs improvement with ReversingLabs?
The solution needs to improve integrations.
See all answers
What advice do you have for others considering ReversingLabs?
I rate the product a ten out of ten.
See all answers
 

Comparisons

OpenText Static Application Security Testing vs Black Duck Logo
OpenText Static Application Security Testing vs Black Duck
Compared 18% of the time
JFrog Xray vs Black Duck Logo
JFrog Xray vs Black Duck
Compared 15% of the time
Snyk vs Black Duck Logo
Snyk vs Black Duck
Compared 12% of the time
Mend.io vs Black Duck Logo
Mend.io vs Black Duck
Compared 9% of the time
Sonatype Lifecycle vs Black Duck Logo
Sonatype Lifecycle vs Black Duck
Compared 7% of the time
More Black Duck Competitors
VirusTotal vs ReversingLabs Logo
VirusTotal vs ReversingLabs
Compared 23% of the time
JFrog Xray vs ReversingLabs Logo
JFrog Xray vs ReversingLabs
Compared 12% of the time
OPSWAT Filescan Sandbox vs ReversingLabs Logo
OPSWAT Filescan Sandbox vs ReversingLabs
Compared 9% of the time
CrowdStrike Falcon vs ReversingLabs Logo
CrowdStrike Falcon vs ReversingLabs
Compared 9% of the time
Snyk vs ReversingLabs Logo
Snyk vs ReversingLabs
Compared 8% of the time
More ReversingLabs Competitors
 

Product Reports

Buyer's Guide
Black Duck
August 2025
Black Duck reportDownload Black Duck product report
Buyer's Guide
ReversingLabs
August 2025
ReversingLabs reportDownload ReversingLabs product report
 

Also Known As

Blackduck Hub, Black Duck Protex, Black Duck Security Checker
ReversingLabs Titanium, ReversingLabs secure.software
 

Overview

Organizations use Black Duck for compliance, internal audits, license management, and security, scanning software to identify vulnerabilities, non-compliant code, and dependencies in open-source projects.

Black Duck integrates into CI/CD pipelines and DevSecOps processes, helping multiple industries detect and handle risks associated with open-source usage. Users leverage it for source and binary analysis to ensure security and compliance before software release. Automatic component analysis, effective vulnerability scanning, and a comprehensive knowledge base are some of its valuable features. Despite needing improvements in scanning speed, UI, and documentation, Black Duck remains crucial for ensuring open-source security and compliance.

What are Black Duck's most important features?

  • Automatic Component Analysis: Provides automatic identification and analysis of open-source components.
  • Effective Vulnerability Scanning: Scans for vulnerabilities in both source code and binary files.
  • Comprehensive Knowledge Base: Offers expansive information on open-source components.
  • Policy Management: Enables the creation and enforcement of security and compliance policies.
  • Binary File Scanning: Capable of scanning binary files for in-depth security checks.
  • Ease of Use: Demonstrates ease of use, particularly on Mac products.
  • Stability: Known for its stable performance.
  • Docker Integration: Smooth integration with Docker for enhanced deployment.
  • Open-source Evaluation: Excellent evaluation capabilities for open-source software.
  • License Management: Manages open-source licenses effectively.
  • Easy Installation: Simple installation process.
  • Secure Onboarding: Ensures secure application onboarding.
  • API Availability: Provides APIs for custom integrations.
  • Community Support: Backed by an active community.
  • Dependency Tree Visualization: Visualizes dependencies for better management.

What benefits or ROI should users look for in reviews?

  • Improved Compliance: Helps maintain compliance with legal and regulatory requirements.
  • Risk Mitigation: Reduces risks associated with open-source vulnerabilities.
  • Enhanced Security: Strengthens software security by identifying and addressing potential issues early.
  • Time-saving: Automates many aspects of vulnerability scanning and analysis, saving valuable time.
  • Cost Efficiency: Detects issues early, potentially saving costs related to compliance breaches and security incidents.
  • Integration Ease: Seamlessly integrates with existing CI/CD pipelines and DevSecOps practices.
  • Knowledge Resource: Access to comprehensive information aiding better decision-making.

Black Duck is implemented by industries ranging from finance to healthcare, addressing security and compliance in open-source usage. Financial institutions employ it to manage license risks and ensure audit readiness. Healthcare organizations use it to comply with stringent data protection regulations, ensuring patient data security and privacy. Tech companies integrate Black Duck within CI/CD pipelines to maintain the security and compliance of software products before release. Its deployment varies, tailored to meet the specific risk management and compliance needs dictated by each sector's regulatory environment.

Black Duck

ReversingLabs is the trusted authority in software and file security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, the ReversingLabs Titanium Platform® powers the software supply chain and file security insights, tracking over 35 billion files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.

RL - Trust Delivered.


https://www.reversinglabs.com

ReversingLabs
 

Sample Customers

Samsung, Siemens, ScienceLogic, BryterCX, Dynatrace
Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Buyer's Guide
Black Duck vs. ReversingLabs
July 2025
Free Report: Black Duck vs. ReversingLabs
Find out what your peers are saying about Black Duck vs. ReversingLabs and other solutions. Updated: July 2025.
DOWNLOAD NOW
865,295 professionals have used our research since 2012.
See our Black Duck vs. ReversingLabs report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.