Black Duck

Black Duck is a leading provider of advanced code security solutions, focusing on delivering comprehensive tools and services that help companies secure their applications throughout the entire software development lifecycle. Their offerings include modern technologies for static and dynamic analysis, enabling the detection and remediation of security vulnerabilities early in the development process before they reach the production environment. Black Duck solutions also facilitate the monitoring of open-source library security and compliance with their licenses.

Partnering with Black Duck provides numerous benefits, such as enhanced security, performance, and compliance of software. With advanced code analysis and management tools, companies can detect and address security vulnerabilities early in development, reducing legal and operational risks. Automation and streamlining of security management processes accelerate the software development cycle, leading to lower production costs. Additionally, expert support aids in optimizing processes and implementing best practices, ensuring long-term protection of software and data, while building trust with clients and business partners.

Description of technology

Vulnerability Management

Black Duck - A tool for managing open-source software security and compliance that identifies open-source components used in projects and monitors their vulnerabilities and licenses.

Coverity - A static code analysis tool that automatically detects issues in source code that may lead to failures, security breaches, and poor software quality. It also offers easy integration with CI/CD processes.

Defensics - An application security testing tool specializing in evaluating the resilience of systems and applications against various types of attacks. Using fuzzing technology, Defensics automatically generates and sends malformed or unusual inputs to detect vulnerabilities, errors, and unexpected behaviors in software.

Polaris - A SaaS platform that integrates various analytical tools into a cohesive infrastructure. It allows development teams to quickly and easily integrate security scans with existing DevOps processes.

Seeker - An interactive application security analysis tool that identifies vulnerabilities in real-time during code execution. Utilizing Interactive Application Security Testing (IAST) technology, Seeker automatically detects and analyzes weak points in running applications, assessing their actual risk and business context.

WhiteHat - An application security testing tool that enables the detection and remediation of vulnerabilities in web and mobile applications. Using dynamic analysis and real-time testing, WhiteHat identifies security threats that might be missed by traditional methods.
