Black Duck Software Composition Analysis

Secure and manage open source from development to deployment

Black Duck by Synopsys provides a comprehensive software composition analysis (SCA) solution for managing security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers. Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Find open source in code


  • Identify open source in code, binaries, and containers
  • Detect partial and modified components
  • Automate scanning with DevOps integrations

Identify open source license risk


  • Map components to known vulnerabilities
  • Identify license and component-quality risks
  • Monitor for new vulnerabilities in development and production

Open source security policies


  • Set and enforce open source use and security policies
  • Automate policy enforcement with DevOps integrations
  • Prioritize and track remediation activities


Manage open source risks with Black Duck

Black Duck software composition analysis combines versatile open source risk management and deep binary inspection in a best-in-class solution. Black Duck gives development, operations, procurement, and security teams the tools they need to minimize the security, compliance, and code quality risks of open source and other third-party software, while still realizing the benefits that come with it.


Manage open source during development

With Black Duck, you can identify and track open source components within your applications’ source code and monitor for new and existing vulnerabilities that put them at risk.


Manage open source during deployment

Black Duck OpsSight helps you prevent known open source vulnerabilities from being deployed into production environments. With OpsSight you have unprecedented visibility into the open source components and any associated security vulnerabilities that exist in the container images you create and those that are running in production. Black Duck OpsSight integrates directly into your container orchestration platforms, ensuring that you have the visibility and control you need to minimize risk to your applications.


Manage open source during procurement

With Black Duck Binary Analysis, you can analyze systems and software to identify weak links in your software supply chain quickly and easily—all without source code.


Phase Pacific

Exchange Tower
Level 1, 530 Little Collins St
Melbourne VIC 3000

ABN 48 104 026 191