Version 2024.1
License Types: Black Duck licenses its Licensed Products and Subscription Services pursuant to the following License Types: The License Types may only be used within the applicable Licensed Product and Subscription Service group described below.
— For Coverity and Coverity on Polaris Licensed Products —
I. LOC License
An “LOC License” restricts the aggregate number of lines of code in the Code Base on which the Customer may use the Licensed Product. The Licensed Product cannot be used on code exceeding the number of lines of code licensed for use. More information about Black Duck’s LOC License Policy can be found at https://www.blackduck.com/company/legal/line-count-guidelines.html.
II. Team License – legacy as of November 1, 2020
A “Team License” restricts use of the Licensed Product within a named development team. The team is licensed to access the Licensed Product based upon the total number of individuals in the team, and the Code Bases being developed by various members of the team. Once the team name, team size, and Code Bases are established, anyone within that team is authorized to access the Licensed Product during the License Term. If the team grows beyond its original size, additional license increments must be purchased to keep the entire team licensed. The size of the team must include all contractors that require access to the Licensed Product. All Team Licenses are sold in 5 User Pack increments and the quantity identified in the Purchasing Agreement identifies the total number of 5 User Packs licensed.
III. Team License – current as of November 1, 2020
A “Team License” restricts use of the Licensed Product within a named development team. The team is licensed to access the Licensed Product based upon the total number of individuals in the team, and the Code Bases (in some organizations this is referred to as applications or projects) being developed by various members of the team. Once the team name, team size, and Code Bases are established, anyone within that team is authorized to access the Licensed Product during the License Term. If the team grows beyond its original size, additional license increments must be purchased to keep the entire team licensed. The size of the team must include all contractors that require access to the Licensed Product. All Team Licenses are sold with a minimum size of 10.
— For Defensics Licensed Products —
I. Concurrent User License
A “Concurrent User License” restricts the use of the Licensed Product, at any one time, to the maximum number of users identified in the applicable Purchasing Agreement. Use of the Licensed Product is further restricted to use on the Application(s) stated in the applicable Purchasing Agreement.
II. Named User License
A “Named User License” restricts the use of Licensed Product to a specified named user. For clarification, the Licensed Product can be installed on multiple systems, but only the named user may access the Licensed Product on any one system at any given time. Use of the Licensed Product is further restricted to use on the Application(s) stated in the applicable Purchasing Agreement.
III. Scan License
A “Scan License” restricts the use of the Licensed Product to the number of scans identified in the applicable Purchasing Agreement. Use of the Licensed Product is further restricted to use on the Application(s) stated in the applicable Purchasing Agreement.
IV. Unlimited Scan License
An “Unlimited Scan License” restricts the use of the Licensed Product to an unlimited number of scans on the Application(s) identified in the applicable Purchasing Agreement.
V. Lab Seat License
The "Lab Seat" license restricts the use of the “fuzz testing” Defensics protocols in a package of protocols based on the number of: (i) fuzz testing runs per Instance and (ii) Lab Locations. For example, if three Lab Seats are purchased, the license holder can run a single fuzz test run on up to three different Instances or can run three fuzz test runs on a single Instance. An “Instance” means any computer operating system, including without limitation a laptop computer, desktop computer, server, virtual machine, virtual appliance, container or similar configurations. Protocols may be installed on multiple Instances at the same time but may not be run more than the number of seats purchased on any/all Instances taken together.
A “Lab Location” restricts use to a single, designated physical “lab location” or “HostID.”
To expand the Lab Seat license to cover additional Instances and/or additional Lab Locations, the license holder must purchase additional seats corresponding to the additional number of Instances or Lab Locations.
*For purposes of types III and IV, above, a “scan” means the completion of one analysis cycle by the Licensed Product.
**An “Application” is the Code Base or Project identified in the applicable Purchasing Agreement.
— For Black Duck Licensed Products —
Legacy as of November 1, 2020
I. “Application” means the software code associated with a single software build, including multiple versions thereof.
II. “Code Contributor” means the individuals within or contracted by the Customer’s organization who contribute or work with code for an Application that will be scanned or analyzed by the Licensed Product. The number of Code Contributors includes all developers, engineers, analysts, architects, testers and managers who have written, modified or reviewed code for any scanned or analyzed Application during the License Term, as well as any individuals who interact with the Licensed Product via UI, email/text alerts, API, or third-party integration. Code Contributors do not include, however, those individuals within the Customer’s organization who perform only software related documentation or project management tasks.
III. Team License – current as of November 1, 2020
A “Team License” restricts use of the Licensed Product within a named development team. The team is licensed to access the Licensed Product based upon the total number of individuals in the team, and the Code Bases (in some organizations this is referred to as applications or projects) being developed by various members of the team. Once the team name, team size, and Code Bases are established, anyone within that team is authorized to access the Licensed Product during the License Term. If the team grows beyond its original size, additional license increments must be purchased to keep the entire team licensed. The size of the team must include all contractors that require access to the Licensed Product. All Team Licenses are sold with a minimum size of 10.
- For Seeker Licensed Products –
I. “Team License” restricts use of the Licensed Product within a named development team. The team is licensed to access the Licensed Product based upon the total number of individuals in the team, and the Code Bases (in some organizations this is referred to as applications or projects) being developed by various members of the team. Once the team name, team size, and Code Bases are established, anyone within that team is authorized to access the Licensed Product during the License Term. If the team grows beyond its original size, additional license increments must be purchased to keep the entire team licensed. The size of the team must include all contractors that require access to the Licensed Product. All Team Licenses are sold with a minimum size of 10.
- For eLearning Licensed Products –
I. "Named User" means an Authorized User identified by a customer to use the eLearning tool through a unique login account. Named Users must remain the same for a minimum of twelve (12) months and may be transferred to another Named User thereafter.
- For Software Risk Manager (formerly known as Code Dx) Licensed Products –
I. “Team License” restricts use of the Licensed Product within a named development team. The team is licensed to access the Licensed Product based upon the total number of individuals in the team, and the Code Bases (in some organizations this is referred to as applications or projects) being developed by various members of the team. Once the team name, team size, and Code Bases are established, anyone within that team is authorized to access the Licensed Product during the License Term. If the team grows beyond its original size, additional license increments must be purchased to keep the entire team licensed. The size of the team must include all contractors that require access to the Licensed Product. All Team Licenses are sold with a minimum size of 10.
A “Team Member” is an individual within the named development team.
II. “Asset” means, pertaining to the InfraSec capability, a network or infrastructure component, such as an IP address, that is monitored by the Software Risk Manager system for the purposes of reporting on network vulnerabilities. Examples include network scan results from Nessus, and IP addresses.
III. “Project” means a project within the Software Risk Manager system is defined as a software application or component(s) that is analyzed separately through Software Risk Manager. Projects can be hierarchical with one or more components. Typically, projects are a group of files that make up the software application. A project is defined by the setup in Software Risk Manager and not limited in size or other external parameters such as the delivered functionality or by means of its installation. Projects, once defined, are not reusable. Re-use constitutes another project by definition.
IV. "User" means a user is defined as a ‘named user’ of the Software Risk Manager system. A *named user is someone who would log into the Software Risk Manager server UI to perform their job duties such as reviewing vulnerability findings, assigning status, configuration, dashboarding and more. The named user can be but is not limited to AppSec and DevOps team members, security and triage analysts and security leads (including developers). Some beneficiaries of Software Risk Manager do not log directly into the system but benefit via interaction with the server via APIs and DevOps tools such as JIRA, Jenkins, etc. These beneficiaries do not require a user license. Only those users that log into the UI require a user license.
*To accommodate team changes, such as an internal job role change, a team member leaving the organization, etc., by agreement, named users can be changed on a quarterly basis within the Software Risk Manager system.
- For Managed Service Provider Licensed Products –
“Each" in respect of a Licensed Product means that a managed service provider has the right to use one instance of the named Licensed Product to provide managed services for its customer base. For example, in the context of a Coverity license, a quantity of one (1) and type “Each” means that the managed service provider can use the Coverity tool to provide managed services to its customer base.
- For Coverity Qualification Kit (“QKIT”) Licensed Products
“Each" in respect of a Licensed Product means that a Customer has the right to use one QKIT for each Customer-specified Functional Safety Project.