The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

Product Page

Black Duck® SCA

Black Duck scans your projects and containers for open source, either as source or as binaries, helping you manage security vulnerabilities and licensing risks before they become problems. It enables you to review and prioritize vulnerabilities, assign remediation dates, and track closure. Black Duck also checks the licenses for risk levels and verifies use against company policies. After the scan, Black Duck continuously monitors for new vulnerabilities reported against open source libraries in use within your applications, enabling you to quickly respond to newly identified vulnerabilities.

Learn more about Black Duck

Code Sight™

Code Sight is an IDE plug-in that helps developers address security defects in real time as they code, so they can quickly find and fix security risks in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) files before code commit and integration.

Learn more about Code Sight

Coverity®

Coverity finds critical defects and security vulnerabilities in software during development, before it reaches customers. It helps developers save time by finding issues early, and helps manage risk to enable better release decisions. Coverity supports over a dozen programming languages and a broad range of defect and vulnerability types.

Learn more about Coverity

Defensics®

Defensics is a comprehensive, powerful, and automated black box solution that enables you to effectively and efficiently discover and remediate security weaknesses in software. By taking a systematic and intelligent approach to negative testing, Defensics allows you to ensure software security without compromising on product innovation, increasing time to market, or inflating operational costs.

Learn more about Defensics

Black Duck Polaris™ Platform 

Polaris is an integrated, cloud-based application security testing solution optimized for the needs of development and DevSecOps teams. Polaris brings our market-leading security analysis engines together in a unified platform, giving teams the flexibility to run different tests at different times based on application, project, schedule, or SDLC events.

Learn more about Polaris

Seeker

Seeker, our interactive application security testing (IAST) solution, gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). Seeker’s seamless integration into CI/CD workflows enables fast IAST at DevOps speed.

Learn more about Seeker

Software Risk Manager™

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Learn more about Software Risk Manager

Continuous Dynamic™

Continuous Dynamic is a SaaS dynamic application security testing (DAST) solution that identifies readily exploitable vulnerabilities in web applications. Continuous Dynamic is production-safe and can be run continuously to help teams find vulnerabilities before hackers do.

Learn more about Continuous Dynamic