Sorry, not available in this language yet

English
日本語
简体中文

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Program Consolidation | Simplify your application security program.
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage Enterprise AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality and Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing Solutions | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Devices | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

Development and DevOps Integrations

Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.

Automate risk detection

Trigger application security tests—like SAST and SCA—based on pipeline events including build, SCM check-in, preproduction unit testing, and more.

Accelerate triage and remediation

Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within their existing tools and workflows.

Boost developer productivity

Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework.

IDE
SCM
Build
and CI
Package
manager
Binary
repository
Workflow and
notifications
Security
testing
Production
deployment

Integrated development environment (IDE) integrations

The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.

Eclipse

Upload binaries to Black Duck for static analysis. Review scan results from within Eclipse to remediate security findings in your apps.

IntelliJ IDEA

Upload binaries to Black Duck for static analysis. Review scan results from within Intellij to remediate security findings in your apps.

Visual Studio

Compile and upload apps to Black Duck for static analysis. Identify security findings, view datapath info, and get remedition guidance within Microsoft Visual Studio.

Android Studio

coverity

PhpStorm

code sight coverity

WebStorm

code sight coverity

PyCharm

code sight coverity

Visual Studio Code

coverity code sight

Learn more

IBM

coverity

QNX Momentics Tool Suite

coverity

RubyMine

code sight coverity

Wind River

coverity

Learn more

Source Code Management (SCM) integrations

Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.

GitHub

Automate Black Duck SAST or SCA scanning of your application code from within GitHub.

GitLab logo

Automate Black Duck SAST or SCA scanning of our application code with GitLab.

Bitbucket

Black Duck Security Scan Pipe integrates Black Duck security testing into your Bitbucket pipeline.

Azure DevOps

polaris coverity black duck seeker

Learn more

Azure Repos

coverity

Learn more

Build and CI integrations

Black Duck’s security tools integrate with leading build and CI tools to add security into CI/CD pipelines. Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.

Gitlab

Perform SAST or SCA scans on each new build with integration to GitLab templates.

GitHub

Perform SAST or SCA scans on each new build with integration GitHub Actions.

Jenkins

Black Duck Jenkins Plugin automates building, uploading, and scanning of application code in Jenkins pipelines.

AWS CodeBuild

black duck

CircleCI

black duck

sbt

black duck

Travis CI

black duck

Azure DevOps

polaris coverity black duck seeker

Learn more

CloudBees

black duck

TeamCity

software risk manager black duck

Azure Pipelines

tinfoil coverity black duck

Learn more

CodeShip

black duck

Gradle

coverity black duck

Learn more

Bamboo

tinfoil coverity black duck

Concourse

black duck

Wind River Studio

coverity

Package manager integrations

Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.

Maven

Integrate Black Duck Static Analysis scanning with Apache Maven into existing build processes that you use in your SDLC.

Gogradle

Black Duck Static Analysis scanning with Gogradle into existing buid processes that you use in your SDLC.

npm

Integrate Static Analysis scanning with npm to seamlessly add static scanning into existing build processes that you use in your SDLC.

Bazel

black duck

Learn more

Composer

black duck

Go Module CLI

black duck

Pip

black duck

Learn more

Yarn

coverity black duck

Bower

coverity

CPAN

black duck

Go Vndr

black duck

Poetry

black duck

Yocto Project (YP)

black duck

Learn more

Cargo

black duck

Conan

black duck

Learn more

NuGet

black duck

Learn more

Rebar3

black duck

RubyGems

black duck

CocoaPods

black duck

Conda

black duck

Lerna

black duck

Packrat

black duck

Binary repository integrations

Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.

Artifactory

Identify source code and open source dependency violations in Artifactory repositories.

Nexus Repository

Scan docker images for threats with Black Duck Binary Analysis integration.

Amazon ECR

Streamline AppSec testing of images in Google containers.

Azure

black duck

Docker Registry

black duck

Learn more

Google

black duck

Workflow and notifications integrations

Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.

Jira Software

The Black Duck plugin for JIRA creates issues based on vulnerabilities and issue policy violations detected by Black Duck.

Secure Code Warrior

Black Duck and Secure Code Warrior provide an integrated solution to prevent security issues at the developer desktop to accelerate time to remediation.

Slack

The Black Duck plugin for Slack allows you to create Slack notifications based on vulnerabilities and policy violations detected by Black Duck.

Azure Boards

black duck

Bugzilla

coverity

SPDX

black duck

Microsoft Teams

black duck software risk manager

Security testing integrations

Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.

Click here for a full list of our supported integrations.

Checkmarx

Black Duck’s ASPM solution can ingest vulnerability findings from Checkmarx into Polaris for a complete and centralized view of application risk posture across your organization.

Snyk

Black Duck’s ASPM solution can ingest vulnerability findings from Snyk into Polaris for a complete and centralized view of application risk posture across your organization.

Veracode

Black Duck’s ASPM solution can ingest vulnerability findings from Veracode into Polaris for a complete and centralized view of application risk posture across your organization.

Acunetix

software risk manager

Aqua

software risk manager

Clang

software risk manager

Contrast Assess

software risk manager

Errcheck

software risk manager

Fortify

software risk manager

Gendarme

software risk manager

HCL AppScan

software risk manager

JSHint

software risk manager coverity

Netsparker

software risk manager

Parasoft

software risk manager

PHP_CodeSniffer

software risk manager

Scalastyle

software risk manager

Staticcheck

software risk manager

Trustwave App Scanner

software risk manager

WhiteSource

software risk manager

Q-mast

software risk manager

Learn more

ThunderScan

software risk manager

Anchore Enterprise

software risk manager

Arachni

software risk manager

Code Cracker

software risk manager

Cppcheck

software risk manager

Error Prone

software risk manager

Gocyclo

software risk manager

Ineffassign

software risk manager

Microsoft

software risk manager

Nexus Lifecycle

software risk manager

NowSecure

software risk manager

Learn more

software risk manager

Qualys

software risk manager

SD Elements

software risk manager

Tenable

software risk manager

Vet

software risk manager

CoGuard - Infrastructure Security and Automation

coverity

Learn more

IriusRisk Threat Modeling

software risk manager

Learn more

Android Studio Lint

software risk manager

Brakeman

software risk manager

CodePeer

software risk manager

Dependency-Check

software risk manager

ESLint

software risk manager

Golint

software risk manager

JFrog Xray

software risk manager

Mobile Secure

software risk manager

Nmap

software risk manager

OCLint

software risk manager

Prisma Cloud

software risk manager

Retire.js

software risk manager

Security Code Scan

software risk manager

Vex

software risk manager

Cycode

black duck coverity

Vigilant Ops

black duck

Visual Studio Code Analysis

software risk manager coverity

AppSecAI Expert Triage Automation

coverity

AppSpider

software risk manager

Burp Suite

software risk manager

Checkstyle

software risk manager

CodeSonar

software risk manager

Dependency-Track

software risk manager

Find Security Bugs

software risk manager

Gosec

software risk manager

Jlint

software risk manager

Nessus

software risk manager

OWASP ZAP

software risk manager

PHP Mess Detector

software risk manager

Pylint

software risk manager

SafeSQL

software risk manager

SpotBugs

software risk manager coverity

sqlmap

software risk manager

Production deployment integrations

Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.