With Black Duck IDE integrations, you can discover open source security gaps as you code via Black Duck’s source file scanning. These plugins automatically scan open source components as you pull them into your code, allowing you to look up component security information and take remediation steps even before you check in your code.
Black Duck CI integrations allow you to configure and automate scanning as part of your CI build process. Scan results are visible within both Black Duck and CI user interfaces. Open source application security, license, and use policies defined in Black Duck can be configured to show alerts within the CI tool or fail a build, allowing you to configure enforcement based on project type and build phase.
Black Duck binary repository integrations help you ensure that the code artifacts your developers are using comply with open source use policies and are free from known vulnerabilities. These plugins scan artifacts already in the repository as well as those being added, preventing noncompliant artifacts from entering or propagating. In addition, Black Duck’s vulnerability and policy monitoring will alert you when new security risks or policies affect artifacts in the repository.
Black Duck’s application security suite integrations give users a “single pane of glass” view of application vulnerabilities across both the custom code and open source components that make up their applications. This integrated view of open source vulnerabilities with static application security testing (SAST) results helps teams prioritize and track remediation efforts across the entire application codebase.