“We evaluated a few SCA solutions and did a proof of concept of the three final candidates,” Guðmundsson continued. “Of the three, we found Black Duck® to be the best fit for our needs. At the time of our evaluation, Black Duck was the only solution we tested that was able to scan software whether packaged as containers or as standard deployments.”
Guðmundsson cited Black Duck Security Advisories (BDSAs) as a key feature of Black Duck SCA. These advisories offer curated and prioritized security notifications reaching well beyond the standard information found in free feeds like the National Vulnerability Database. With thousands of exclusive listings curated by security experts, Black Duck Security Advisories provide timely vulnerability descriptions, severity scoring, and advanced, actionable remediation guidance.
“The BDSAs give us good insight into if a vulnerability might affect us or not, if it is being exploited in the wild, and what package versions fix the vulnerability,” said Guðmundsson. “And Black Duck SCA makes it easy to see which of our solutions are using the vulnerable package in question.”