Black Duck Software Composition Analysis


Black Duck provides a comprehensive software composition analysis (SCA) solution for managing security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers. Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Are you looking to assess open source risks for M&A? Learn more about our audit services.

Manage open source risk with Black Duck

Black Duck Software Composition Analysis combines versatile open source risk management and deep binary inspection in a best-in-class solution. Black Duck gives development, operations, procurement, and security teams the tools they need to minimize the security, compliance, and code quality risks that come with open source and other third-party software, while still enjoying the benefits that software provides.


• Identify open source in code, binaries, and containers
• Detect incomplete and modified components
• Automate scanning through DevOps integrations


• Map known vulnerabilities to components
• Identify license and component quality risks
• Monitor for new vulnerabilities in development and production


• Define and enforce open source use and security policies
• Automate policy enforcement through DevOps integrations
• Prioritize and track remediation activities
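To make the three feature groups above concrete (mapping known vulnerabilities to components, flagging license risk, and enforcing a policy that prioritizes remediation), here is an added example of a minimal SCA policy gate. It is not Black Duck's code and does not reflect Black Duck's policy format or KnowledgeBase schema; the BOM entries, advisory IDs, fixed versions, CVSS scores and policy thresholds are all constructed for illustration.

```python
"""
Added example (not Black Duck code): a minimal SCA policy gate.

Takes a constructed bill of materials (BOM), a constructed set of
advisories, and a policy, then reports which components violate the
policy so remediation can be prioritized. All package names, versions,
advisory IDs and CVSS scores below are made up for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    version: str
    license: str


@dataclass
class Advisory:
    advisory_id: str   # constructed placeholder id, not a real CVE or BDSA
    package: str
    fixed_in: str      # first version that is no longer affected
    cvss: float


@dataclass
class Policy:
    denied_licenses: set = field(default_factory=set)
    block_cvss_at_or_above: float = 7.0
    warn_cvss_at_or_above: float = 4.0


def parse_version(v):
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def is_affected(component, advisory):
    """Affected if this is the advised package and it is older than the fixed version."""
    return (component.name == advisory.package
            and parse_version(component.version) < parse_version(advisory.fixed_in))


def evaluate(bom, advisories, policy):
    """Return findings sorted so blocking issues come first, highest CVSS first."""
    findings = []
    for c in bom:
        ref = f"{c.name}@{c.version}"
        if c.license in policy.denied_licenses:
            findings.append({"component": ref, "type": "license",
                             "detail": c.license, "severity": 10.0, "action": "block"})
        for a in advisories:
            if not is_affected(c, a):
                continue
            if a.cvss >= policy.block_cvss_at_or_above:
                action = "block"
            elif a.cvss >= policy.warn_cvss_at_or_above:
                action = "warn"
            else:
                action = "info"
            findings.append({"component": ref, "type": "vulnerability",
                             "detail": f"{a.advisory_id} (fixed in {a.fixed_in})",
                             "severity": a.cvss, "action": action})
    order = {"block": 0, "warn": 1, "info": 2}
    findings.sort(key=lambda f: (order[f["action"]], -f["severity"]))
    return findings


def gate(findings):
    """True if the build may proceed, i.e. there are no blocking findings."""
    return not any(f["action"] == "block" for f in findings)


# Constructed sample data
SAMPLE_BOM = [
    Component("examplelib", "1.2.3", "Apache-2.0"),
    Component("oldparser", "0.9.10", "MIT"),
    Component("copyleft-util", "2.0.0", "AGPL-3.0"),
    Component("safeutil", "3.1.0", "MIT"),
]
SAMPLE_ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "examplelib", "1.2.4", 9.8),
    Advisory("ADV-EXAMPLE-002", "oldparser", "0.9.2", 5.3),    # already fixed in 0.9.10
    Advisory("ADV-EXAMPLE-003", "oldparser", "0.10.0", 5.3),
]
SAMPLE_POLICY = Policy(denied_licenses={"AGPL-3.0"})

if __name__ == "__main__":
    results = evaluate(SAMPLE_BOM, SAMPLE_ADVISORIES, SAMPLE_POLICY)
    for f in results:
        print(f"{f['action'].upper():5} {f['component']:22} {f['type']:13} {f['detail']}")
    print("gate:", "PASS" if gate(results) else "FAIL")
```

The numeric version comparison matters: compared as strings, "0.9.10" sorts before "0.9.2" and a component that already carries the fix would be reported as vulnerable, which is the kind of false positive a real SCA tool's version handling exists to avoid.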

Black Duck technology

Not all open source security solutions are the same. Synopsys solutions are built on industry-leading technology to ensure you get the most complete and accurate view of the open source risk in your software.


Multifactor open source detection

  • Multifactor discovery, beyond dependency scanning
  • Detect undeclared, modified, or even partial open source components
  • Thorough open source discovery, with or without access to source code

Enhanced vulnerability data

  • Featuring our independently researched Black Duck Security Advisories (BDSAs)
  • Rich vulnerability data that goes beyond the NVD and is available weeks faster
  • Automatically prioritize remediation efforts based on critical business requirements

End-to-end DevOps integrations

  • Manage open source risks at every stage of the application life cycle
  • Define open source use policies once, with automatic alerts and enforcement
  • Access BDSAs for vulnerabilities as you code, right in the IDE

Comprehensive KnowledgeBase

  • Black Duck KnowledgeBase is the definitive source for open source information
  • Continuous automated data collection from over 20,000 global sites and forges
  • Curated and validated by Black Duck’s team of experts

We were named a Leader in the 2019 Forrester Wave for Software Composition Analysis


Manage open source during development

"We selected Black Duck for three reasons: for reputation, ease of use, and confidence in results."

Lawrence Croft, VP Product Development at Copperleaf



Manage open source during procurement

"An innovative binary scanner to address 3rd party software vulnerabilities."

Software Engineer, Communications Industry

With Black Duck Binary Analysis, you can analyze systems and software to identify weak links in your software supply chain quickly and easily—all without source code.

Scan virtually any software or firmware in minutes.
This includes desktop and mobile applications, embedded system firmware, virtual appliances, and more.

Analyze without source code.
Simply upload the software you want to assess, and Black Duck performs a thorough binary analysis in minutes.

Obtain a comprehensive bill of materials (BOM).
Identify and catalog all third-party software components and licenses.

Make informed decisions about software consumption.
Reduce security risks and the threat of license noncompliance. Identify known open source vulnerabilities, licensing obligations, sources of sensitive data leakage, and application permission requirements.

Uphold security as threats evolve.
Automatically receive alerts for newly discovered vulnerabilities in previously scanned software.


Manage software risk during mergers and acquisitions

With Black Duck Audits, you get a complete picture of the license, quality, and security risks in the codebase being acquired. 

Inventory and analyze open source and plan for remediation.
Obtain a comprehensive bill of materials (BOM) of open source components, their license obligations, and associated security vulnerabilities in the code. Get recommendations for remediating to build into your diligence plan.

Assess application security flaws.
Perform testing of the application from the outside in, and from within the app, to uncover potentially exploitable issues. Understand the risk of potential security breaches, and build a plan for remediation before data, IP, or financial loss occurs.

Identify high-level design and code quality issues.
Pair quantitative and qualitative analysis to understand code design and process quality. Design and process flaws can add time and money to integration efforts.



Black Duck supports your application development, deployment, and procurement programs with a comprehensive toolkit for identifying and remediating open source security, license, and operational risk. Proactively eliminate risk with insightful vulnerability remediation and risk mitigation guidance, complete open source license compliance data, Black Duck's exclusive security advisories, and effective policy controls.