Explore Black Duck's Self-Guided Tours

Black Duck and Carahsoft have partnered to provide a series of self-guided tours of Black Duck's products and features. Similar to a live demo, these tours explore how Black Duck's products and features apply to a specific technology vertical such as DevSecOps.

 

Learn about Black Duck's benefits, watch a short pre-recorded demo video, and download related resources. If interested in furthering the conversation, you can also schedule a live demo with a Black Duck expert from Carahsoft. Start a self-guided tour now by selecting one below.

 

Black Duck DevSecOps Self-Guided Tour


Black Duck works with its clients to build security into their DevOps systems with Black Duck’s DevSecOps solutions. Software is essential to the development and growth of every industry, so protecting that software is also essential. As companies face tightening regulatory requirements and an onslaught of AI-generated code, Black Duck provides world-class solutions to enforce security standards without compromising development velocity. Black Duck codes, builds, tests and operates at-scale DevSecOps programs, providing continuous dynamic application security testing and real-time threat alerts once the program is launched.


Want to learn more about Black Duck?
Start a self-guided demo now to learn how Black Duck can protect your software and optimize DevSecOps performance.

Black Duck Polaris Platform

Black Duck Polaris™ Platform is an integrated, software-as-a-service (SaaS) application security platform powered by the industry’s leading static application security testing (SAST), software composition analysis (SCA), and dynamic application security testing (DAST) engines. It provides fast, multitype scanning capabilities with highly accurate results triaged by Black Duck security experts. An easy-to-use and cost-effective solution that can scale with business application security needs, Polaris enables application security and development teams to collaborate in real time and meet release deadlines while managing enterprise application risk holistically.

Benefits

  • Flexibility: Our on-demand, integrated AppSec platform makes it easy to provision, manage, and monitor enterprise-wide scanning and assessments 24x7.
  • Scalability: Scale application security cost-effectively. Whether your organization requires testing for a single application or thousands, Polaris delivers a unified SaaS platform to meet your needs.
  • Ease of use: Easy onboarding, deployment, and testing from a single unified platform. Seamless integration with existing developer, test automation, and CI/CD workflows.
  • Concurrent scanning: Concurrent scanning improves performance by allowing you to run SAST, SCA, and DAST analysis at the same time. There is no limit to the number of tests you can run.
  • Accurate findings: Black Duck’s market-leading SCA, SAST, and DAST engines provide complete and highly accurate results. Expert analysis and triage for SAST results is also available to further improve results by identifying and removing false positives.
  • Enterprise visibility: Polaris dashboards and reports give you a view of vulnerabilities and trends across all your teams and applications.

Black Duck SCA

Black Duck® SCA is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications, containers, and any other software artifact or library. Named a Leader in software composition analysis (SCA) by Forrester, Black Duck SCA gives you unmatched visibility into third-party dependencies, enabling you to manage risk introduced by your software supply chain.

 

Black Duck SCA offers a combination of dependency discovery techniques to give teams complete visibility of application composition so they can effectively assess and manage risk.

  • Dependency analysis identifies direct and transitive dependencies declared by package managers.
  • Binary analysis detects dependencies in post-build artifacts, like firmware and container images, without access to source code.
  • Snippet analysis matches code snippets, such as those included by AI coding tools, back to their original open source projects.
  • CodePrint analysis identifies dependencies in source files and directories, even when they’re not declared by package managers.
  • Container scanning uses a combination of binary and CodePrint analysis to identify open source dependencies in container images, layer by layer.
  • C/C++ scanning accurately identifies open source dependencies and libraries used in C/C++ applications, even where no package manager is present.

 

Benefits

  • Visibility: Detect open source in code, binaries, containers, and artifacts. Import third-party components from SBOMs. Automate scanning with DevOps integration.
  • Manage risk: Map dependencies to known vulnerabilities and health issues. Scan for malicious components and sensitive information. Identify license risk and conflicts. Prioritize remediation based on severity.
  • Build trust: Define custom policies based on risk tolerance and customer requirements. Generate SBOMs with open source and custom dependencies. Address supply chain threats before shipping applications.

     


Coverity Static Analysis

Coverity® Static Analysis provides the most accurate and scalable static analysis on the market, empowering developers and security teams to deliver secure, high-quality applications at scale. By building an in-depth model of each application, then combining it with insights into all dependencies, compilers, and support for more than 20 programming languages and 200 frameworks, Coverity can uncover complex issues that span multiple files and libraries across some of the largest applications in the world.

Benefits

  • High performance: Fast incremental scans identify issues in new or changed code, with no loss of fidelity compared to full scans. This makes it easy to run frequent scans on commits or pull requests without slowing developer velocity.
  • Enterprise scale: Coverity scans many of the largest applications in the world, including those with thousands of developers and tens of millions of lines of code.
  • Extensibility: Custom checkers can be easily created to add support for proprietary frameworks or unsupported languages.
  • Deployment flexibility: Coverity runs where you need it, on premises or in your private cloud environment. This gives you the best static analysis scans while keeping all your data inside your network.

Black Duck benefits

 

  • Increased productivity: Black Duck’s DevOps platforms, issue management tools, and other products fix issues as you code—and before they are flagged later down the line.
  • At-scale automated security: Find and resolve issues quickly with AppSec testing at every stage of the SDLC and in CI/CD pipelines. Reduce downstream issues, expand operational risk awareness across teams, and establish automated security gates based on rules you set.
  • Maximized AppSec ROI: Black Duck’s DevSecOps solutions cut upfront capital expenditures. With a scalable, as-a-service security testing platform, Black Duck relieves your business of infrastructure maintenance burdens.