About Black Duck
Black Duck offers a comprehensive suite of services and tools that support customers on their security journey. From customers just starting with security, to customers strengthening an established program, Black Duck has the expertise, skills, and products necessary for success.

What is Black Duck SCA?
Black Duck SCA is a Software Composition Analysis (SCA) solution that helps organizations identify, track and manage open-source components in their codebase. It provides automated license compliance, security vulnerability detection, and risk assessment to help teams ensure the security and integrity of their software.
Key capabilities
- Open source management: Identify and track open-source components in your projects.
- Vulnerability detection: Automatically scan for security vulnerabilities using the National Vulnerability Database (NVD) and Black Duck Security Advisories (BDSA).
- License compliance: Analyze open-source licenses and ensure compliance with corporate policies.
- Risk assessment & policy enforcement: Define and enforce policies to mitigate security, legal, and operational risks.
- Software bill of materials (SBOM) generation: Produce and manage SBOMs to maintain transparency over software dependencies.
How does Black Duck SCA work?
- Scan your code: Use Black Duck scanning tools (Detect, integrations, or APIs) to analyze your codebase.
- Identify components: Black Duck maps your code's dependencies to known open-source libraries in its KnowledgeBase (KB).
- Assess risks: Black Duck checks for security vulnerabilities, license issues, and policy violations.
- Take action: View reports, prioritize risks, apply remediations, and generate SBOMs for compliance.
How do you get started?
- Set up an account: Log in to your Black Duck instance or cloud-hosted environment.
- Run your first scan: Analyze a sample project and review the findings.
- Review results: Explore vulnerabilities, license risks, and policy violations in the UI.
Start exploring Black Duck SCA
Next steps
Once you're familiar with the basics, dive deeper into Black Duck's advanced features and technical configurations with the following Community resources:
- Learn more: Access documentation and training resources.