Welcome!

News Feed Item

Black Duck Software Announces Next Generation OSS Logistics Solution to Manage and Optimize Open Source

Black Duck Software, the leading OSS Logistics solutions provider enabling the adoption and management of open source software (OSS), today announced the release of Black Duck ® Suite™ 7 software that helps companies maximize the benefits of open source while managing the associated operational, legal, and security risks.

Black Duck Suite 7 provides an end-to-end OSS Logistics solution for enterprises using open source at scale, including: choosing the right OSS code; approving it automatically with built-in policies and workflows; scanning the code for origins and licenses; tracking what has been used and where for ease of reuse and maintenance; securing against vulnerabilities; and confidently delivering products and code throughout the supply chain.

“Open source is now a strategic element of all software development, and properly managing its use is essential for increasing the quality, innovation, and time-to-market of software solutions,” said Lou Shipley, President and CEO, Black Duck Software. “Black Duck customers have the competitive advantage of an in-depth knowledge of their source code and can easily adapt to security risks, like the recent Heartbleed vulnerability. Through the Black Duck Suite, enterprises gain greater control and visibility into where and how open source is used throughout the development lifecycle, mitigating risks and fully maximizing the benefits OSS offers.”

New Interface, Reporting, and Security Capabilities

Black Duck offers customers unparalleled insight into their open source code through the industry’s most comprehensive database of open source projects, the Black Duck KnowledgeBase. A range of newly added Black Duck Suite capabilities leverages years of experience analyzing code and assisting customers with OSS logistics solutions:

  • Analysis templates save time and simplify the open source reporting process, codifying best practices in OSS logistics.
  • Security data from the National Vulnerabilities Database (NVD) Common Vulnerabilities and Exposures (CVE) now includes base scoring, impact scoring, and exploitability scoring, making it easy to assess the impact of security vulnerabilities.
  • New dashboard allows for quick access to basic and advanced search capabilities, including enhanced search supported by Apache Solr for indexing the Black Duck KnowledgeBase and customer data.
  • An updated, graphical user interface incorporates user defined tagging functionality and other features to increase the flexibility of the Black Duck OSS Logistics solution.
  • Additional portfolio views provide an overview of key data such as top components, top licenses, and top programming languages currently in use in a customer’s software data.

Expanded Integration Set

OSS Logistics, delivered through the Black Duck Suite, gives your organization systematic control over the software development process by integrating with existing Integrated Development Environments (IDEs), Build and Continuous Integration (CI) tools, and reporting and repository management systems. In addition to existing integrations with JFrog Artifactory repository manager, IBM’s Rational Team Concert application lifecycle management solution, Maven builds, and the Coverity Connect software testing dashboard, Black Duck Suite 7 includes four new integrations:

  • Jenkins CI: Component discovery and approval is now integrated with the continuous build process
  • SonarQube: Key open source metrics are now available through SonarQube dashboards
  • Eclipse IDE: Developers can now access open source component meta-data directly from within Eclipse
  • Nexus: Component discovery and approvals are now available through Nexus

Black Duck Suite 7 is currently shipping and can be deployed as an on-premise solution or through a software-as-a-service (SaaS).

About Black Duck Software

Black Duck provides the world’s only end-to-end platform for OSS Logistics, enabling enterprises of every size to optimize the opportunities and solve the logistical challenges that come with open source adoption, governance, and management. As part of the greater open source community, Black Duck connects developers to comprehensive OSS resources through The Black Duck Open Hub (formerly Ohloh), and to the latest commentary from industry experts through the Open Source Delivers blog. Black Duck also hosts the Open Source Think Tank, an international event where thought leaders collaborate on the future of open source. Black Duck is headquartered near Boston and has offices in San Mateo, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul, and Beijing. For more information about how to leverage open source to deliver faster innovation, greater creativity, and improved efficiency, visit www.blackducksoftware.com and follow the company at @black_duck_sw.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize existing data center assets, leverage the advantages of cloud computing and avoid cloud vendor lock-in. This requires a globally aware traffic management strategy that can monitor infrastructure health across data centers and end-user experience globally, while responding to control changes and system specification at the speed of today’s DevOps teams. In his session at 20th Cloud Expo, Josh Gray, Chie...
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
"At the keynote this morning we spoke about the value proposition of Nutanix, of having a DevOps culture and a mindset, and the business outcomes of achieving agility and scale, which everybody here is trying to accomplish," noted Mark Lavi, DevOps Solution Architect at Nutanix, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
Consumers increasingly expect their electronic "things" to be connected to smart phones, tablets and the Internet. When that thing happens to be a medical device, the risks and benefits of connectivity must be carefully weighed. Once the decision is made that connecting the device is beneficial, medical device manufacturers must design their products to maintain patient safety and prevent compromised personal health information in the face of cybersecurity threats. In his session at @ThingsExpo...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.