Black Duck SCA is a Software Composition Analysis (SCA) solution that provides vulnerability detection, open source security assessment, licence compliance monitoring (code copyright detection, use of AI systems, etc.), and third-party component detection and verification (SBOM) in applications.
Functional features:
- Analyse all libraries and components used in applications
- Scan binary files without access to the source code
- Create an SBOM with all application dependencies
- Risk prioritisation based on context, CVSS and CWE
- Integration into the company's CI/CD process for automated verification during development
- Application of security policies with the ability to automatically trigger actions in case of their violation
Benefits of the solution:
- Proprietary BDSA (Black Duck Security Advisories) vulnerability database containing the results of AI analytics and auditors' expertise
- Access to a knowledge base of more than 2500 licences to verify compliance with licence requirements
- Support for over 20 programming languages
- Detection of third-party code that violates licences or copyrights
- Detection of code generated by AI systems
- Open source analysis to prevent the use of outdated or vulnerable libraries
- Support for import and export of SBOM reports in SPDX and CycloneDX formats
- Integration with ticketing systems: Jira, Azure DevOps, Bugzilla, etc.
The tasks that Black Duck solves:
- Identifying vulnerabilities in open source components
- Ensuring open source compliance with licensing requirements and copyright verification
- Creating and maintaining an up-to-date SBOM in accordance with internal company requirements or international standards
- Integration into the company's CI/CD process for automatic component analysis during application development
- Identifying outdated or vulnerable open source components
- Ability to analyse static code and dynamically loaded code (third-party libraries) in applications
Black Duck SCA helps manage open source vulnerabilities at all stages of development, integrates with DevOps/CI/CD processes, supports vulnerability detection in all elements of the application under development, and manages the SBOM.
Entrust the security of your business to professionals! Get a free consultation from Seeton experts.