Excellent experience starting from the concept phase, evaluation phase and then later the complete implementation. Its a great tool in the domain of security and a must have

An updated vulnerability list and ease of Maintainance and administration are the key features of the tool. Moreover, its a breeze to integrate with various CI/CD toolsets ensuring a great DevSecOps practice

I guess in general DevSecOps is still a recent phenomenon and developers and engineers need to get themselves well acquainted with such security concepts

Ease in identifying the security exposures and hidden vulnerabilities created by open source components. Time to market is faster for identifying the vulnerabilities early during the development stage. open source license management becomes so easy now.

The ease of identifying and managing the open source code and as well examining the source code for vulnerabilities and specifically the hidden security vulnerabilities is amazing. This is the product that every organization should look out to manage the source code for identifying quickly about vulnerabilities, open source code license management which can be lethal if ignored. Easily integrates with your current CI engines and sets the pace for your time to market. Ease in identifying the security exposures and hidden vulnerabilities created by open source components. Time to market is faster for identifying the vulnerabilities early during the development stage. open source license management becomes so easy now. The product is really amazing already. Hub knowledge bases are huge and growing day by day.

Improve in reporting, and better API experience. Black Duck is a duckling and is growing fast.Suggest black duck to update the KBs quickly.

Ability to detect open source vulnerabilities in our code.

Ability to detect open source vulnerabilities in our code. Pre-sales contact & support was good (demo, trial etc). Clean interface. Performance improved in v4.0.0.

Difficult installation process, made more complicated with the introduction of Docker in v4.0.0 & with introduction of mandatory SSL/TLS web server certificate which requires troubleshooting trust issues. Support team are reluctant to pick up the phone or enter into telephone support, with sporadic email communication being the favoured option. Some gaps in documentation. Why is there no pre-built Black Duck Hub virtual appliance that I can drop into VMware? No documentation for implementing with vSphere Integrated Containers (VIC), only documentation for Docker & Openshift. Reporting improvements still to be made.

We are working in improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components.

We are working in improving Open Source Culture in our Company and Customers: Black Duck HUB is a very good tool for awareness about legal, security and operational risks in using Open Source Components. A very good thing is that it provide features for code scanning, independently from language and technology, also integrated with CI/CD tools like Jenkins. The GUI is very easy to use and intuitive, the dashboard give a lot of information about Open Source Components in the project and you can take advantage of notification about new vulnerability. In the latest versions Back Duck Hub is also improved in remediation suggestions about vulnerability. Black Duck provide also good reports and you can customize it using restful API and direct access to a Report Database. What is more it is really easy to install, we use the docker compose version: just install Docker, download images and run a command to set up the environment or upgrade to a new version! Last but not least the technical support and customer care is really good.

Black Duck HUB is a quite new product, despite it has very famous and consolidate ancestors like Protex. So some features can improve and better meet users needs, especially about reports and API. Also documentation can improve .

I love the speed and overall simplicity of the application. It does a good job of finding most open source packages and performs identification automatically. It is very useful to see where a component is being used across my organization, as well as see other factors beyond license risk like security and operational risk.

The application is expensive due to the billing model that enforces a quota on amount of code scanned. This disincentivizes me to use the application when I would ordinarily want to scan as much of my code as possible due to its ease of use. It has fewer features when compared to Protex, but Black Duck is slowly resolving this.