Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Good security, Stable and feature rich.
What do you like best about the product?
Black Duck software composition analysis works amazingly on Mac. It has good security and excellent features that protect and examine our source code from compliance issues.
What do you dislike about the product?
Black Duck should add features like packet analysis and binary analysis for better performance.
What problems is the product solving and how is that benefiting you?
We use Black Duck to audit our source code to protect from license and open source compliance. It is easy to use, stable, and well recognized in the industry.
Legal and Operational risks management tool.
What do you like best about the product?
It has impressive features for both legal & security 3rd party software compliance. UI is easy to understand. It helps us to analyze the code in a timely and accurate manner.
What do you dislike about the product?
According to me it has all the features required. It is fast and easy to use.
What problems is the product solving and how is that benefiting you?
The support team is always available to resolve the problem if any. Rest it helps us to know what's in your code and analyze your code in a timely and accurate manner.
What's there in your code?
What do you like best about the product?
Blackduck is part of Devonshire which provides us automatic scanning. Black duck is not just for devops but also Secops. Blackduck has the most extensive open source KB in the industry
What do you dislike about the product?
I am expecting better governance of teams. I have various teams using the capacity and I need to know which team is using how much. Black duck can come up with tenancy.
What problems is the product solving and how is that benefiting you?
Black duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black duck knowledge base and lists all the vulnerabilities and license issues in the code
Recommendations to others considering the product:
Well suited: Easily come out of pain to manage open source components. No worries, Black Duck is to the rescue, it takes care of your open source components in terms of license and security. Also SecOps eases with the super Black Duck.
Less suited: can't really come up with a scenario, where it can be less suited. Until you stop using open source components in your code, quite impossible
SecOps made easy
What do you like best about the product?
Quick inventory scan, Security and License risk management, integration for automatic scanning.
What do you dislike about the product?
It is slow, outdated design and is too expensive.
What problems is the product solving and how is that benefiting you?
Black Duck being well established about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
Need of today’s market
What do you like best about the product?
Black Duck is certainly an industry leader in open source scanning, primarily due to the fact that it is simpler to use and hence eliminates the majority of open source vulnerabilities and bugs and licensing issues. Should there be any enhancement request, Black Duck is fairly adaptive and responsive towards implementing the same.
What do you dislike about the product?
The reporting could be enhanced as it does not provide the output the way one would expect it to be owing to which, it adds additional overhead to present the result in a better way
What problems is the product solving and how is that benefiting you?
It is very quick and responsive. I remember including us small sized code from a random source and Black Duck immediately identified it.
Benchmark in software composition analysis
What do you like best about the product?
One of the top solution providers to help manage security vulnerabilities, code quality, code smells, bugs and compliance risk associated with third-party open source code in an effective way. It supports a wide range of languages, some of which include Java, Cobol, JavaScript, C#, C and C++. This software is the benchmark solution to elevate the continuous inspection element in the CI/CD model.
What do you dislike about the product?
The cost is relatively higher than the other solutions in the market which makes it a difficult choice for organisations
What problems is the product solving and how is that benefiting you?
Having used this software for a few years, I have been able to cut down on a substantial amount of rework by detecting and analysing vulnerabilities before leveraging any open source code. With the timely upgradation of this software it becomes easy to stay updated in terms of handling the newer types of vulnerabilities introduced in the market.
Black Duck SCA tool for vulnerabilities
What do you like best about the product?
Custom policies, IDE integration during the development life cycle. Jira tickets are being created for the issues.
What do you dislike about the product?
Don't have any suggestion here which I have not liked so far.
What problems is the product solving and how is that benefiting you?
It was part of the CI/CD pipeline to detect and create the Jira issues for corresponding vulnerabilities.
Recommendations to others considering the product:
It was part of the CI/CD pipeline to detect and create the Jira issues for corresponding vulnerabilities.
The report is crisp and easy for deciding actionables
What do you like best about the product?
The report is crisp and easy for deciding actionable
What do you dislike about the product?
Documentation could be better for implementation.
What problems is the product solving and how is that benefiting you?
Able to find out the vulnerabilities and keep my systems secure & compliant
Black Duck is an excellent and reliable software to detect vulnerabilities and security risks.
What do you like best about the product?
Black Duck serves as a good platform to identify third party software risk factors. It can be easily integrated as part of CI/CD tools to scan security, license risk etc. It shows the exact break up of all the risky components of the binaries.
What do you dislike about the product?
It's very strict in compliance check, so during upgradation of third party software it is difficult to ignore some of the risks. But that shows how efficient Black Duck software is. Also, using open source software creates license risks.
What problems is the product solving and how is that benefiting you?
Using Black Duck for binary scans as a part of DevOps activity to ensure the security and operation risk compliance that has helped to manage the risks and triage vulnerabilities in the softwares.
Very basic UI
What do you like best about the product?
Comprehensive analysis. It does a good job finding everything.
What do you dislike about the product?
The output sucks, there's no comprehensive reports or nice UI or anything. It's all very basic/raw. They expect you to take all that raw information and make your own "pretty" reports with it, they have no product that can do that nor do they have any recommendations on 3rd party vendors that will do it.
What problems is the product solving and how is that benefiting you?
Finding any open source being used either directly or indirectly (ie through libraries or libraries of libraries) and all licenses that are being used.