Black Duck Software Alternatives

    Black Duck Software is described as 'Organizations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance' and is a website in the Security & Privacy category. There are six alternatives to Black Duck Software, not only websites but also apps for a variety of platforms, including SaaS, Self-Hosted solutions, Mac and Windows. The best alternative is OWASP Dependency-Track, which is both free and Open Source. Other great sites and apps similar to Black Duck Software are FOSSA (Freemium), WhiteSource (Paid), Vigiles (Freemium) and WhiteSource Bolt (Free).

    This page was last updated Dec 6, 2021

    1. Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
      • Freemium
      • Proprietary
      • Online
      FOSSA offers automated license scanning, dependency analysis and reports at each commit. Get a process up and running in 60 seconds, without slowing down development.

    2. WhiteSource is the leading solution for agile open source security and license compliance management. It integrates with your development environments and DevOps pipeline to detect open source libraries with security or compliance issues in real-time.
    3. Timesys Vigiles is a Software Composition Analysis (SCA) tool that helps generate and analyze a Software Bill of Materials (SBOM) for publicly known cybersecurity vulnerabilities, particularly CVEs.
      • Free
      • Proprietary
      • Online
      • Software as a Service (SaaS)
      • GitHub
      • Azure DevOps
      • Microsoft Visual Studio
      WhiteSource Bolt is a FREE tool that scans all of your projects to detect vulnerable open source components. It provides actionable remediation paths to enable a quick fix. Available on the GitHub and Azure DevOps Marketplaces.

    4. FlexNet Code Aware is a free code scanner that scans Java, NuGet and NPM packages looking for license compliance, IP, and security vulnerability risks.
    Showing 6 of 6 alternatives