Black Duck® multifactor open source scanning technology ensures that you have the most complete and accurate view of open source in your applications and containers. Our open source detection combines build process monitoring and file system scanning to track all open source in use, including components most solutions miss.
Integrates with build tools like Maven and Gradle to track both declared and transitive open source dependencies in applications built in languages like Java and C#.
Maps string, file, and directory information to the Black Duck KnowledgeBase to identify open source and third-party components in applications built using languages like C & C++.
Identifies open source within compiled application libraries and executables. No source code or build system access required.
Finds fragments of open source code that have been copied into proprietary code, a practice that can expose you to license violations and conflicts even though no component is ever declared to a package manager.
Most other solutions rely solely on package manager declarations to identify open source components. Those solutions miss open source that is present in your code but never declared to a package manager, such as vendored, copied, or precompiled components.
In addition, they often report inaccurate results for transitive dependencies and for components whose declaration gives a version range rather than pinning the single version that actually ends up in the build.
By combining our proprietary codeprint analysis with dependency analysis, Black Duck provides visibility into open source components not tracked by a package manager, as well as component and version verification for dynamic and transitive dependencies.
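The gap the paragraph above describes is easy to see on a small, constructed project. The following is an added illustration, not Black Duck code and not its KnowledgeBase: a Maven manifest declares one dependency while a copied JavaScript library sits in a resources directory with no declaration at all. A manifest-only scan reports just the declared component; a file-signature scan (a toy stand-in for codeprint analysis, keyed on SHA-256 of file contents against a hand-built lookup table) finds the vendored file; the union is what a multifactor scan would report. The pom.xml contents, the vendored file bytes, the toy knowledge base, and all function names are assumptions made for the example.

```python
"""Added example: manifest-only vs file-signature discovery on a constructed project.

Not Black Duck code. The 'knowledge base' below is a hand-built dict keyed on the
SHA-256 of a file's bytes; a real signature database is far larger and uses many
more signals (directory layout, string constants, partial matches).
"""
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET
from typing import Dict, Set, Tuple

Component = Tuple[str, str]  # (name, version)

# Constructed sample: a minified JavaScript library copied into the tree by hand.
VENDORED_JS = b"/*! jquery v3.6.0 | (c) OpenJS Foundation */\n(function(){})();\n"

# Constructed toy knowledge base: exact file hash -> component.
KNOWLEDGE_BASE: Dict[str, Component] = {
    hashlib.sha256(VENDORED_JS).hexdigest(): ("jquery", "3.6.0"),
}

# Constructed pom.xml: declares one dependency and says nothing about the vendored file.
POM_XML = """<project>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.13.4</version>
    </dependency>
  </dependencies>
</project>
"""


def scan_manifest(pom_text: str) -> Set[Component]:
    """Package-manager-style discovery: report only what the manifest declares.

    Transitive resolution (what Maven would actually pull in) is deliberately
    not modelled here; that needs the build tool itself.
    """
    root = ET.fromstring(pom_text)
    found: Set[Component] = set()
    for dep in root.iter("dependency"):
        name = f"{dep.findtext('groupId')}:{dep.findtext('artifactId')}"
        found.add((name, dep.findtext("version") or ""))
    return found


def scan_signatures(root: str) -> Set[Component]:
    """Signature-style discovery: hash every file under root and look it up."""
    found: Set[Component] = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            if digest in KNOWLEDGE_BASE:
                found.add(KNOWLEDGE_BASE[digest])
    return found


def build_sample_project() -> str:
    """Write the constructed project to a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="sca-demo-")
    with open(os.path.join(root, "pom.xml"), "w", encoding="utf-8") as fh:
        fh.write(POM_XML)
    static = os.path.join(root, "src", "main", "resources", "static")
    os.makedirs(static)
    with open(os.path.join(static, "jquery.min.js"), "wb") as fh:
        fh.write(VENDORED_JS)
    return root


def scan_project(root: str) -> Dict[str, Set[Component]]:
    """Run both scans and combine them, the way a multifactor scan would."""
    with open(os.path.join(root, "pom.xml"), encoding="utf-8") as fh:
        declared = scan_manifest(fh.read())
    by_signature = scan_signatures(root)
    return {
        "manifest_only": declared,
        "signature_only": by_signature,
        "combined": declared | by_signature,
    }


if __name__ == "__main__":
    results = scan_project(build_sample_project())
    for method, components in results.items():
        print(f"{method:15s} -> {sorted(components)}")
```

Running the script shows `manifest_only` containing only jackson-databind, `signature_only` containing only jquery, and `combined` containing both; the vendored file is invisible to the manifest scan no matter how carefully the manifest is parsed. Exact-hash matching is the simplest possible signature; it fails as soon as a vendored file is edited or re-minified, which is why the snippet matching described above matters in practice.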
Black Duck Detect, our open source discovery client, makes it easy to integrate open source detection into your existing development tools and processes. It automatically identifies which languages and package managers you’re using, configures the appropriate integrations for discovery, and finds the most effective way to analyze your code.