Customized rules. Black Duck allows you to define policy based on your organization’s risk tolerance and the software you are developing. Examples of customized policies you can create include:
- Preventing the use of GPL licenses for externally distributed projects
- Preventing the use of high-risk licenses for any projects
- Preventing the use of licenses with unfulfilled terms
- Preventing the use of licenses that are currently under review
Superior open source identification. Black Duck effortlessly identifies open source components in your code. Black Duck offers:
- Standard dependency analysis for package managers
- Snippet and signature scanning
- Code and license lines that have been copied and pasted into your application still carry license obligations
- Black Duck's scanning handles open source in languages that don't use package managers (C/C++)
Binary analysis. Black Duck’s binary analysis capabilities help you:
- Find open source and license obligations without the need for source code
- Scan compiled code that still carries license obligation
- Ensure license compliance no matter where you use it in the supply chain
Unmatched intelligence. Black Duck matches open source, or license lines, to known licenses using our proprietary Knowledge Base. As the industry’s most comprehensive database of open source project, license, and security information, our KB covers more than 3.8 million open source components from over 20,000 forges and repositories and tracks more than 3,000 unique licenses.
Deep license analysis. Declared licenses are often inaccurate or incomplete, so Black Duck performs deep license analysis that inspects source and other files within packages for undeclared licenses. We can also scan custom code to identify license text and obligations, which may have been added by developers or may indicate that code was copied from open source.
Effortless enforcement and critical feedback.
- Black Duck provides full license text, which is important for fully evaluating, reviewing, and understanding licenses, the risk they pose to your organization, and what it takes to completely comply with them.
- Black Duck provides a list of categorized obligations in a manner that anyone can understand, regardless of their role. Obligations are categorized simply by what is required, forbidden, and permitted. For example, a license may require you to include copyright notices, forbid you from holding original owners liable for any damage, and permit you to modify the software.
- Black Duck helps with license obligation fulfillment, tracking license obligations per component to ensure required activities are completed.
- Black Duck integrates seamlessly across the entire SDLC to provide the right amount of information to the right person at the right time. Rapid Scan detects license policy violations before merging code into release branches, CI integrations enable you to easily identify issues from within the build environment, and continuous monitoring notifies you of any issues related to your bill of materials even after an application is shipped.
- Black Duck automatically generates notices files and copyright statements, which most licenses, regardless of permissiveness, require to be included with product documentation.
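As an added illustration of the rule types listed under customized rules and the required/forbidden/permitted obligation categories described above, the script below evaluates a constructed bill of materials against those four policy rules. This is hypothetical example code, not Black Duck's implementation or API; the license metadata, component names and obligation labels are all constructed.

```python
# Hypothetical license-policy evaluator; not Black Duck code. All data below is constructed.
from dataclasses import dataclass, field

# Constructed license knowledge: risk tier, review state, and obligations
# bucketed as required / forbidden / permitted.
LICENSES = {
    "MIT": dict(risk="low", copyleft=False, under_review=False,
                required={"include-copyright"}, forbidden={"hold-liable"},
                permitted={"modify", "commercial-use"}),
    "GPL-3.0": dict(risk="high", copyleft=True, under_review=False,
                    required={"include-copyright", "disclose-source", "same-license"},
                    forbidden={"hold-liable", "sublicense-proprietary"},
                    permitted={"modify", "commercial-use"}),
    "Vendor-EULA": dict(risk="unknown", copyleft=False, under_review=True,
                        required={"include-copyright"}, forbidden=set(), permitted=set()),
}

@dataclass
class Component:
    name: str
    license: str
    fulfilled: set = field(default_factory=set)  # obligations the team has completed

def evaluate(components, externally_distributed):
    """Return (component, rule_id, detail) for every policy violation in the BOM."""
    violations = []
    for c in components:
        lic = LICENSES[c.license]
        if externally_distributed and lic["copyleft"]:
            violations.append((c.name, "copyleft-external",
                               f"{c.license} not allowed in externally distributed projects"))
        if lic["risk"] == "high":
            violations.append((c.name, "high-risk", f"{c.license} is classed high risk"))
        if lic["under_review"]:
            violations.append((c.name, "under-review", f"{c.license} is still under legal review"))
        unmet = lic["required"] - c.fulfilled  # unfulfilled terms = required minus completed
        if unmet:
            violations.append((c.name, "unfulfilled-terms", "missing: " + ", ".join(sorted(unmet))))
    return violations

def sample_bom():
    # Constructed bill of materials with three components in different states.
    return [
        Component("mit-lib", "MIT", fulfilled={"include-copyright"}),
        Component("gnu-tool", "GPL-3.0", fulfilled={"include-copyright"}),
        Component("vendor-sdk", "Vendor-EULA"),
    ]

if __name__ == "__main__":
    for name, rule, detail in evaluate(sample_bom(), externally_distributed=True):
        print(f"{name}: [{rule}] {detail}")
```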