Black Duck Binary Analysis

Identify open source supply chain risks even when you don't have access to the code

A lot of open source enters your organization through third-party libraries and executables, and with it can come hidden vulnerabilities and license obligations you need to address. But most software composition analysis (SCA) solutions require access to source code or build systems, leaving your software supply chain at risk. 

Detect security and license risks in software binaries

Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.

Using a combination of static and string analysis techniques coupled with fuzzy matching against the Black Duck KnowledgeBase, Black Duck Binary Analysis quickly and reliably identifies components, even if they’ve been modified.

scan executables and containers

Scan executables and containers before they ship

Even if you perform SCA scans during the build process, new open source components can make their way into your applications as they’re packaged for delivery to your customers or production environments.

Black Duck Binary Analysis enables you to quickly and easily run predeployment security scans on containers and executables to ensure final packaging doesn’t introduce new components or vulnerabilities. 

address security risk

Address security risk beyond known vulnerabilities

Open source vulnerabilities aren’t the only security issues that might be lurking in application binaries.

Black Duck Binary Analysis can also detect if sensitive information like email addresses, authorization tokens, compiler switches, and passwords are exposed, and it identifies when mobile applications request excessive permissions—all of which puts your organization and users' personal data at risk.

detect and manage software supply chain risk

Detect and manage software supply chain risks

Modern applications are a complex mix of proprietary, open source, and third-party components obtained through a variety of sources.

Black Duck Binary Analysis helps you detect and manage security and license risks across the software supply chain, including:

  • Third-party libraries used within the software you build
  • Packaged software you procure from independent software vendors
  • IoT/embedded firmware
  • Containers and container images
  • Modified and unmodified open source components

Related content