Viewing product registration information

Your registration ID

Status and expiration date and time

Number of users

Number of projects

Number of project versions

Number of codebase KBs/MBs/GBs

Number of scans

Maximum scan size

Full Snippet Scanning

Full snippet scanning enables the scan cli option for --full-snippet-scan which performs snippet scanning on all files regardless of any signature matches including all files even if unmodified from last scan. This option has a significant performance and scalability impact and should only be used in extreme situations.

Artifactory Integration

Artifactory Integration is a service that enables scanning of artifacts within a set of configured repositories to identify open source components, using data gathered by Component Scanning.

Black Duck Binary Analysis

Black Duck Binary Analysis (BDBA) is a service that provides enhanced interrogation of binaries to surface the open source components within open source. It also supports expanded file type support including various firmware formats, filesystem/disk images, installation formats and various compression and archive formats.

Black Duck Secure Container (BDSC)

Black Duck Secure Container scanning provides capabilities to identify components within container images, their layers and base images.

Black Duck Security Advisory

The Black Duck Security Advisory (BDSA) is a Black Duck-exclusive vulnerability data feed, sourced and curated by our Security Research team which is part of the Black Duck COSRI (Centre of Open Source Research & Innovation). A BDSA offers deeper coverage for a wider set of vulnerabilities than is available through the NVD (National Vulnerability Database), providing detailed vulnerability insight including severity, impact, exploitability metrics and actionable remediation guidance. The BDSA data for new vulnerabilities is reported an average of three weeks earlier than the NVD's reported data.

Component Scanning

Component Scanning automates the discovery and identification of OSS components in a scan to provide metadata such as license type, security vulnerabilities, and OSS project health for those components. Component scans can be linked to internal project versions to automatically generate BOMs.

Cryptography

Cryptography Management enables the display of cryptographic algorithms, and additional metadata, that are contained in open source components. This data is used to support compliance to security standards and legal export regulations.

License Management

License Management is the feature which allows Black Duck users to edit and maintain the data which can be used to create accurate and compliant open source notice files/reports at a Project/Release level.

Match as a Service

Match as a Service (MaaS) is a service that identifies OSS components, using data gathered by Component Scanning.

Notifications

Black Duck notifications alert your teams when vulnerabilities change or there are policy violations. Your organization can integrate with other platforms using the Notification API.

OSS Notices Report

The Notices Reports feature allows users to create notices (or attribution) reports for their projects. The notice files can then be included with the distribution or incorporated into documentation to satisfy the attribution obligation that exists in the vast majority of open source licenses.

Policy Management

The Policy Management feature enables companies to define rules to govern their use of open source components. With these rules, open source usage can be managed on an exception basis, i.e, as long as open source components meet the policy requirements their usage is allowed, thereby speeding time to market and freeing developers from a cumbersome approval process. Any open source components/versions that fail to meet policy are flagged, enabling a review process to determine if the use of the component should be allowed in the particular application.

ReversingLabs

Using complex binary analysis powered by ReversingLabs, developers and DevOps teams can analyze first party, open source, and commercial software to identify the presence of threats such as malware, maldocs, suspicious files, potentially unwanted applications (PUAs), protestware, and suspicious file structure malformations to help avoid dangerous software supply chain attacks.

Risk Management

Risk Management enables the identification, notification, and remediation of the security, license, and operational risks associated with the OSS components used in your internal projects.

SBOM Custom Component Auto-Creation

SBOM Custom Component Auto-Creation enables custom components to be created automatically if they do not match to an existing KB or custom component upon SBOM import. A Package URL (PURL) must be supplied for the component in the SBOM in order for the custom component to be automatically created.

SCM Integration

SCM Integration enables the configuration and authentication of Source Code Management (SCM) providers. It allows mapping, scanning, and management of SCM repositories in projects. The SCM integration feature must be enabled on your registration key for this to appear on the Product Registration list.

Snippets

This feature enables the option to invoke optimized scans of source files which find OSS usage at the file or code snippet level. These scans work in conjunction with a component scan to produce the best possible Bill of Materials (BOM) for a project. Once discovered, matches can be reviewed and added to a project BOM which pulls in the associated metadata for the component.