Black Duck SCA quickly identifies known security vulnerabilities, associated licenses, and code quality risks. Black Duck operational risk information uncovers a component’s level of risk on the initial scan and continuously monitors the component to ensure it remains up to date and active.
Black Duck SCA analyzes both source and binary code, so it can scan virtually any software, including desktop and mobile applications, embedded system firmware, and more. And with Black Duck Security Advisories, advanced proprietary research on open source vulnerabilities, you gain a complete picture of the security risk of the open source in your software.
- Map components to known vulnerabilities.
- Monitor for new vulnerabilities in development and production.
- Prioritize and track remediation activities.
- Scan virtually any software, with or without access to source code.
With Black Duck SCA, you can configure your open source security and use policies based on a comprehensive array of criteria, including license type, vulnerability severity, open source component version, and more. You can also enforce development policies with automatic workflow triggers, notifications, and bidirectional Jira integration for accelerated remediation initiation and reporting.