FIND & REMEDIATE OPEN SOURCE VULNERABILITIES

The Black Duck Hub helps security and development teams identify and mitigate open source related risks across applications and containers.

Use the Black Duck Hub to:

• Scan code to identify specific open source in use
• Automatically map known vulnerabilities to open source in use
• Triage – assess risk and prioritize vulnerabilities
• Schedule and track remediation
• Identify licenses and community activity

While other static analysis solutions focus on uncovering code related vulnerabilities introduced by developers as they write code, these techniques only catch a small percentage of vulnerabilities reported over time. Vulnerabilities like Heartbleed, Shellshock, Poodle, and Ghost have highlighted the level of exposure that commonly used open source components can cause. These widely publicized vulnerabilities represent only a small fraction of the more than 5,000 open source vulnerabilities reported each year.

Only Black Duck provides:

• The most comprehensive language coverage and development tools integration
• The industry’s most complete open source software KnowledgeBase
• Integrated remediation tracking and management