Viewing risk in Black Duck

Black Duck helps you understand the type and severity of risks, at several levels of detail, across your projects. The data used to calculate risk is provided by Black Duck KB.

Use the following pages to identify and manage risk in projects:

Dashboard pages
Project version page/Components tab
Project version page/Security tab

Note that the security risk values shown use CVSS v3.x or CVSS v4.x scores, depending on which security risk calculation you selected; by default, CVSS v4.x scores are shown.

Dashboards

Dashboards provide a high-level overview of risk from different perspectives.

Note: Dashboards will not contain any project or component information until you create projects and then map scans to these projects or manually add components to BOMs. The risk information for the components in your project versions' BOMs will then appear on the Dashboard pages.

You can view the projects that interest you by using the Watching or My Projects dashboard or create a custom dashboard by saving your project search results.
Create a saved component search to view the components that interest you that are used in one or more projects.
Create a saved vulnerability search to view the vulnerabilities that interest you.
Use the Summary Dashboard to view the overall health of the projects you have permission to view and identify areas of concern.

Note:

The Dashboard page that appears when you log in depends on the last main dashboard (Dashboard or Summary) you viewed prior to previously logging out.
Click or the logo in the upper left corner of the navigation bar to view the last dashboard (Dashboard or Summary) you viewed.

Project version pages

Use the project version page/Components tab, also known as the project version BOM, to view the components, specific to that project version, that have security, license, and operational risk.
Use the project version page/ Security tab to view the security vulnerabilities of each severity associated with the components used in a project version.