# Black Duck
*Also known as Black Duck*

- Website: https://www.blackduck.com
- Location: Burlington, MA, United States
- Agent profile: https://directory.haycion.ai/agents/blackduck-com

> Security and governance solutions for software development that reduce risk across the supply chain.

Black Duck is a security and software governance company that helps organizations build trust in software by reducing risk across the development lifecycle. It serves enterprises and developers with capabilities in application security, open source license compliance, software composition analysis, vulnerability management, and software supply chain governance. Through guidance, research, and practical tooling, Black Duck aims to enable secure, compliant, and efficient software delivery.

**Mission:** Operating within the greater Black Duck mission of building trust in the software that powers our lives.

## Products & Services

### [Polaris Platform](https://www.blackduck.com/platform.html)
*Platform*
Automates and scales application security across the SDLC for enhanced software safety.

- **Automated Testing** — Automates Security Testing
- **Real-Time Security Analysis** — Analyze New Code Instantly
- **Scalability** — Easily Scale Tests
- **Language-Agnostic Security Analysis** — Support Any Programming Language
- **Unified Platform** — Consolidates Security Tools
- **Continuous Integration/Continuous Deployment (CI/CD) Readiness** — Supports CI/CD Practices
- **Integration with AI Coding Assistants** — Integrate with AI Tools
- **Real-Time Insights** — Offers Immediate Findings
- **Your Agentic AppSec Team** — Extend Your Security Team
- **Enhanced Visibility and Reporting** — Gain Comprehensive Risk Insights

### [Coverity Static](https://www.blackduck.com/static-analysis-tools-sast/coverity.html)
*Product*
Enhance code quality and security with trustworthy static analysis for complex software.

- **Comprehensive Defect Detection** — Uncover Complex Defects
- **Compliance Tracking** — Ensure Compliance
- **Accurate Analysis** — Scan with Confidence
- **Built-in Reporting** — Simplify Compliance Management

### [Black Duck SCA](https://www.blackduck.com/software-composition-analysis-tools/black-duck-sca.html)
*Product*
Identify and manage software supply chain risks effectively with Black Duck SCA.

- **Real-Time Code Security Analysis** — Ensure Real-Time Analysis
- **Binary Analysis** — Analyze Binary Dependencies
- **Dependency Analysis** — Identify Dependencies
- **Dependency Visibility** — Gain Visibility into Dependencies
- **SBOM Generation** — Generate SBOMs
- **Automated Governance** — Automate Open Source Governance
- **AI Integration** — Integrate with AI Tools

### [Code Sight IDE Plug-in](https://www.blackduck.com/code-sight.html)
*Product*
Accelerate secure coding with immediate insights and remediation in your IDE.

- **IDE Integration** — Integrate Scanning In IDE
- **Real-Time Security Analysis** — Identify Issues Instantly
- **AI-Powered Issue Remediation** — Leverage AI for Fixes
- **Visibility into Open Source Risks** — Manage Open Source Dependencies

### [Open Source License Compliance](https://www.blackduck.com/solutions/open-source-security.html)
*Solution*
Facilitates compliance with open source licenses to protect intellectual property.

- **Automated Governance** — Automate Governance Processes
- **Open Source Dependency Identification** — Gain Dependency Visibility
- **License Risk Assessment** — Evaluate License Obligations
- **SBOM Generation** — Produce Accurate SBOMs

### [EU Cyber Resilience Act Compliance](https://www.blackduck.com/solutions/eu-cyber-resilience-act-compliance.html)
*Solution*
Achieve compliance with the EU Cyber Resilience Act while enhancing security across your software supply chain.

- **CRA Component Transparency** — Achieve Full Transparency
- **Supply Chain Risk Management** — Manage Supply Chain Risks
- **Enhanced Application Security Practices** — Secure Digital Products

### [Open Source Software Audits](https://www.blackduck.com/services/open-source-software-audit.html)
*Service*
Ensure comprehensive risk analysis of open source software to safeguard your mergers and acquisitions.

- **Faster Open Source Risk Analysis** — Speed Up Risk Assessment
- **Comprehensive Audit Reporting** — Get In-Depth Insights
- **Onboarding and Advisory Services** — Receive Expert Guidance
- **Industry-Leading Standards Compliance** — Achieve Compliance

### [Implementation & Deployment](https://www.blackduck.com/customer-success/implementation.html)
*Service*
Streamline the deployment and maximize the effectiveness of app security tools with specialized implementation services.

- **Expert Services** — Receive Expert Guidance
- **Structured Onboarding** — Start With Structured Support
- **Custom Solutions** — Access Customized Services
- **Deployment Optimization** — Optimize Your Deployment

### [Customer Success & Support](https://www.blackduck.com/customer-success.html)
*Service*
Achieve your AppSec goals with expert guidance and dedicated support.

- **Guidance Throughout AppSec Journey** — Receive Expert Guidance
- **Lifecycle Support** — Access Comprehensive Resources
- **Implementation Assistance** — Accelerate Tool Adoption
- **Community Engagement** — Collaborate with Peers

### [Program Strategy & Planning](https://www.blackduck.com/services/security-program.html)
*Service*
Achieve effective application security with tailored strategic guidance.

- **Comprehensive Assessment** — Identify Improvement Areas
- **Tailored Strategy Development** — Create Actionable Plans
- **BSIMM Assessment** — Leverage Industry Insights
- **Ongoing Support** — Ensure Successful Execution

## Market Segments

- **Open source composition analysis**: Capabilities to discover and analyze open source and third‑party components across source, containers, and binaries; identify direct and transitive dependencies, perform binary analysis, and surface vulnerability and dependency metadata for remediation.
- **Application security testing**: Static and dynamic application testing integrated into CI/CD and the SDLC to find code and runtime vulnerabilities, provide real‑time code security analysis, and automate security testing and governance.
- **SBOM generation and supply chain compliance**: Automated generation of software bills of materials (SBOMs), component transparency, and supply chain risk management to support regulatory compliance such as the EU Cyber Resilience Act.
- **Open source license compliance**: Analyze and manage open source license obligations and license risk across code, artifacts, containers, and firmware, with reporting to support legal and procurement processes.
- **Open source audit and due diligence**: Third‑party open source audits for M&A and internal reporting that assess legal, license, security, and quality risks and deliver comprehensive audit reports.
- **Application security program strategy and support**: Advisory, implementation assistance, and ongoing customer success to assess AppSec maturity, develop tailored security strategies, guide implementation, and provide lifecycle support.
