Black Duck

Black Duck is a comprehensive software composition analysis (SCA) solution by Synopsys that identifies, tracks, and manages security vulnerabilities, license compliance risks, and code quality issues within open source and third-party components across applications, containers, binaries, and firmware throughout the software development lifecycle. The platform utilizes multifactor scanning including dependency analysis, binary inspection, and snippet detection to provide complete visibility into software supply chains, while leveraging the proprietary Black Duck KnowledgeBase containing over 132,000 vulnerabilities and 3.9 million open source projects to deliver automated risk assessment and remediation guidance.