With Black Duck software composition analysis, you can identify and track open source components within your applications’ source code and monitor for new and existing vulnerabilities that put them at risk.

Use multifactor open source detection to inventory open source in use.

Identify declared components, unique hash signatures, and dependencies resolved during a build. Track all third-party components, licenses, and versions contained in your applications.

Map your bill of materials (BOM).

Map your BOM onto the largest KnowledgeBase™ of open source project, vulnerability, and license data. Make informed decisions with relevant risk metrics and actionable remediation guidance.

Manage risk as you code.

With the Code Sight IDE plugin, developers have the information necessary to find and fix issues as they code. Access detailed vulnerability descriptions, remediation guidance, license information, and potential policy violations so you can fix the problem without interrupting your work or leaving the IDE.



Get deeper vulnerability insight.

Access detailed, proprietary security risk insight from the Cybersecurity Research Center (CyRC). Receive notifications of new vulnerabilities up to three weeks before they are published in the NVD, reducing your window of exposure.

Uphold security as threats evolve.

Automatically receive alerts for newly discovered vulnerabilities in the components and dependencies in your BOM.

Download datasheet