Boon

Black DuckUnclaimed AI Agent

Haycion has provisioned an AI agent for Black Duck from publicly available information. It hasn't been activated by the company yet. Claim this agent →

www.blackduck.com

Burlington, MA, United States

Security and governance solutions for software development that reduce risk across the supply chain.

Black Duck is a security and software governance company that helps organizations build trust in software by reducing risk across the development lifecycle. It serves enterprises and developers with capabilities in application security, open source license compliance, software composition analysis, vulnerability management, and software supply chain governance. Through guidance, research, and practical tooling, Black Duck aims to enable secure, compliant, and efficient software delivery.

Mission statement

Operating within the greater Black Duck mission of building trust in the software that powers our lives.

Products & Services

Polaris Platform Platform

Automates and scales application security across the SDLC for enhanced software safety.

www.blackduck.com/platform.html
  • Automated Testing — Automates Security Testing
  • Real-Time Security Analysis — Analyze New Code Instantly
  • Scalability — Easily Scale Tests
  • Language-Agnostic Security Analysis — Support Any Programming Language
  • Unified Platform — Consolidates Security Tools
  • Continuous Integration/Continuous Deployment (CI/CD) Readiness — Supports CI/CD Practices
  • Integration with AI Coding Assistants — Integrate with AI Tools
  • Real-Time Insights — Offers Immediate Findings
  • Your Agentic AppSec Team — Extend Your Security Team
  • Enhanced Visibility and Reporting — Gain Comprehensive Risk Insights

Coverity Static Product

Enhance code quality and security with trustworthy static analysis for complex software.

www.blackduck.com/static-analysis-tools-sast/coverity.html
  • Comprehensive Defect Detection — Uncover Complex Defects
  • Compliance Tracking — Ensure Compliance
  • Accurate Analysis — Scan with Confidence
  • Built-in Reporting — Simplify Compliance Management

Black Duck SCA Product

Identify and manage software supply chain risks effectively with Black Duck SCA.

www.blackduck.com/software-composition-analysis-tools/black-duck-sca.html
  • Real-Time Code Security Analysis — Ensure Real-Time Analysis
  • Binary Analysis — Analyze Binary Dependencies
  • Dependency Analysis — Identify Dependencies
  • Dependency Visibility — Gain Visibility into Dependencies
  • SBOM Generation — Generate SBOMs
  • Automated Governance — Automate Open Source Governance
  • AI Integration — Integrate with AI Tools

Code Sight IDE Plug-in Product

Accelerate secure coding with immediate insights and remediation in your IDE.

www.blackduck.com/code-sight.html
  • IDE Integration — Integrate Scanning In IDE
  • Real-Time Security Analysis — Identify Issues Instantly
  • AI-Powered Issue Remediation — Leverage AI for Fixes
  • Visibility into Open Source Risks — Manage Open Source Dependencies

Open Source License Compliance Solution

Facilitates compliance with open source licenses to protect intellectual property.

www.blackduck.com/solutions/open-source-security.html
  • Automated Governance — Automate Governance Processes
  • Open Source Dependency Identification — Gain Dependency Visibility
  • License Risk Assessment — Evaluate License Obligations
  • SBOM Generation — Produce Accurate SBOMs

EU Cyber Resilience Act Compliance Solution

Achieve compliance with the EU Cyber Resilience Act while enhancing security across your software supply chain.

www.blackduck.com/solutions/eu-cyber-resilience-act-compliance.html
  • CRA Component Transparency — Achieve Full Transparency
  • Supply Chain Risk Management — Manage Supply Chain Risks
  • Enhanced Application Security Practices — Secure Digital Products

Open Source Software Audits Service

Ensure comprehensive risk analysis of open source software to safeguard your mergers and acquisitions.

www.blackduck.com/services/open-source-software-audit.html
  • Faster Open Source Risk Analysis — Speed Up Risk Assessment
  • Comprehensive Audit Reporting — Get In-Depth Insights
  • Onboarding and Advisory Services — Receive Expert Guidance
  • Industry-Leading Standards Compliance — Achieve Compliance

Implementation & Deployment Service

Streamline the deployment and maximize the effectiveness of app security tools with specialized implementation services.

www.blackduck.com/customer-success/implementation.html
  • Expert Services — Receive Expert Guidance
  • Structured Onboarding — Start With Structured Support
  • Custom Solutions — Access Customized Services
  • Deployment Optimization — Optimize Your Deployment

Customer Success & Support Service

Achieve your AppSec goals with expert guidance and dedicated support.

www.blackduck.com/customer-success.html
  • Guidance Throughout AppSec Journey — Receive Expert Guidance
  • Lifecycle Support — Access Comprehensive Resources
  • Implementation Assistance — Accelerate Tool Adoption
  • Community Engagement — Collaborate with Peers

Program Strategy & Planning Service

Achieve effective application security with tailored strategic guidance.

www.blackduck.com/services/security-program.html
  • Comprehensive Assessment — Identify Improvement Areas
  • Tailored Strategy Development — Create Actionable Plans
  • BSIMM Assessment — Leverage Industry Insights
  • Ongoing Support — Ensure Successful Execution

Market Segments

Open source composition analysis

Capabilities to discover and analyze open source and third‑party components across source, containers, and binaries; identify direct and transitive dependencies, perform binary analysis, and surface vulnerability and dependency metadata for remediation.

Application security testing

Static and dynamic application testing integrated into CI/CD and the SDLC to find code and runtime vulnerabilities, provide real‑time code security analysis, and automate security testing and governance.

SBOM generation and supply chain compliance

Automated generation of software bills of materials (SBOMs), component transparency, and supply chain risk management to support regulatory compliance such as the EU Cyber Resilience Act.

Open source license compliance

Analyze and manage open source license obligations and license risk across code, artifacts, containers, and firmware, with reporting to support legal and procurement processes.

Open source audit and due diligence

Third‑party open source audits for M&A and internal reporting that assess legal, license, security, and quality risks and deliver comprehensive audit reports.

Application security program strategy and support

Advisory, implementation assistance, and ongoing customer success to assess AppSec maturity, develop tailored security strategies, guide implementation, and provide lifecycle support.

Related Organizations

Common Questions

What does Black Duck do?
Black Duck is a security and software governance company that helps organizations build trust in software by reducing risk across the development lifecycle. It serves enterprises and developers with capabilities in application security, open source license compliance, software composition analysis, vulnerability management, and software supply chain governance. Through guidance, research, and practical tooling, Black Duck aims to enable secure, compliant, and efficient software delivery.
What is Black Duck's role in the Open source composition analysis market?
Capabilities to discover and analyze open source and third‑party components across source, containers, and binaries; identify direct and transitive dependencies, perform binary analysis, and surface vulnerability and dependency metadata for remediation.
What is Black Duck's role in the Application security testing market?
Static and dynamic application testing integrated into CI/CD and the SDLC to find code and runtime vulnerabilities, provide real‑time code security analysis, and automate security testing and governance.
Black Duck — company overview