A lot of open source enters your organization through third-party libraries and executables, and with it can come hidden vulnerabilities and license obligations you need to address. But most software composition analysis (SCA) solutions require access to source code or build systems, leaving your software supply chain at risk.
Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.
Using a combination of static and string analysis techniques coupled with fuzzy matching against the Black Duck KnowledgeBase, Black Duck Binary Analysis quickly and reliably identifies components, even if they’ve been modified.
Even if you perform SCA scans during the build process, new open source components can make their way into your applications as they’re packaged for delivery to your customers or production environments.
Black Duck Binary Analysis enables you to quickly and easily run predeployment security scans on containers and executables to ensure final packaging doesn’t introduce new components or vulnerabilities.
Open source vulnerabilities aren’t the only security issues that might be lurking in application binaries.
Black Duck Binary Analysis can also detect whether sensitive information such as email addresses, authorization tokens, compiler switches, and passwords is exposed, and it identifies when mobile applications request excessive permissions—all of which put your organization and your users' personal data at risk.
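To make the class of check described above concrete, here is an added illustration (not Black Duck's code, and not a description of how the product works internally) of the simplest form of string-based exposure scanning: pull printable runs out of a binary blob the way the classic `strings` tool does, then match them against patterns for email addresses, bearer tokens, and a few hardening-relevant compiler switches. The sample blob, the pattern set, and the redaction rule are all constructed for this example.

```python
"""Minimal string-based exposure scan over a binary blob (illustrative only)."""
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# Constructed sample: a fake "binary" mixing non-printable bytes with embedded
# strings of the kinds a binary scan flags. This is not a real executable.
SAMPLE_BINARY: bytes = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"build by ci-bot@example.com\x00"           # leaked email address
    + b"\x90\x90\x90"
    + b"Authorization: Bearer AKIAEXAMPLE0000000000TOKEN\x00"  # embedded token
    + b"\xff\xfe"
    + b"-fno-stack-protector -O2\x00"              # compiler switches left in
    + b"libz.so.1\x00"                             # ordinary library reference
    + b"\x01\x02"
)

# Constructed detection patterns; a real scanner would carry far more of them.
PATTERNS: Dict[str, re.Pattern[str]] = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "bearer_token": re.compile(r"Bearer\s+[A-Za-z0-9._~+/-]{16,}=*"),
    # -O0..-O3/-Os, -g, and (-fno-)stack-protector: switches that reveal how the
    # binary was built or that hardening was disabled.
    "compiler_switch": re.compile(
        r"(?<![\w-])-(?:O[0-3s]|f(?:no-)?stack-protector|g)(?!\w)"
    ),
}


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def scan_binary(data: bytes) -> List[Tuple[str, str]]:
    """Return (kind, matched_text) pairs for every pattern hit in the blob."""
    findings: List[Tuple[str, str]] = []
    for text in extract_strings(data):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(text):
                findings.append((kind, m.group()))
    return findings


def redact(kind: str, value: str, keep: int = 4) -> str:
    """Mask secret-like findings so the report itself does not re-leak them."""
    if kind == "bearer_token":
        token = value.split()[-1]
        return f"Bearer {token[:keep]}{'*' * (len(token) - keep)}"
    return value


if __name__ == "__main__":
    for kind, value in scan_binary(SAMPLE_BINARY):
        print(f"{kind:16} {redact(kind, value)}")
```

The point of the redaction step is that a scan report is itself an artifact that gets stored and shared; printing a discovered token verbatim just moves the exposure somewhere else. Real binary analysis goes well beyond this (disassembly, symbol recovery, fuzzy matching against a component database), but the string pass is usually where embedded credentials and build switches first show up.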
Modern applications are a complex mix of proprietary, open source, and third-party components obtained through a variety of sources.
Black Duck Binary Analysis helps you detect and manage security and license risks across the software supply chain, including: