With Black Duck software composition analysis, you can identify and track open source components within your applications’ source code and monitor for new and existing vulnerabilities that put them at risk.
Use multifactor open source detection to inventory open source in use.
Identify declared components, unique hash signatures, and dependencies resolved during a build. Track all third-party components, licenses, and versions contained in your applications.
Map your bill of materials (BOM).
Map your BOM onto the largest KnowledgeBase™ of open source project, vulnerability, and license data. Make informed decisions with relevant risk metrics and actionable remediation guidance.
Manage risk as you code.
With the Code Sight IDE plugin, developers have the information necessary to find and fix issues as they code. Access detailed vulnerability descriptions, remediation guidance, license information, and potential policy violations so you can fix the problem without interrupting your work or leaving the IDE.
Get deeper vulnerability insight.
Access detailed, proprietary security risk insight from the Cybersecurity Research Center (CyRC). Receive notifications of new vulnerabilities up to three weeks before they are published in the NVD, reducing your window of exposure.
Uphold security as threats evolve.
Automatically receive alerts for newly discovered vulnerabilities in the components and dependencies in your BOM.