The product teams use them under supervision from the security department. I'm not extremely familiar with the details on how the product teams are using it, but I think they have integrated it into their development life cycle. This is governed and managed from a technical and operational perspective by the security department. Opinions are split between people that find it useful, but it's also pretty complex. That's why when we're contemplating moving towards Snyk, it is because it's more developer-oriented than Black Duck. It's a tad more complex to integrate and to use. This is some of the feedback I heard about.
Software Composition Analysis (SCA) tools help organizations manage open source components, identifying vulnerabilities and ensuring licensing compliance, making them crucial for maintaining security and compliance in software development. SCA solutions are critical in the modern software development lifecycle. They enable developers to leverage open source components safely by scanning codebases to detect vulnerable libraries and potential legal issues related to improper licensing. The...