What is Black Duck SCA?
Black Duck software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.
Black Duck SCA Ratings
Real user data aggregated to summarize the product performance and customer experience.
Product scores listed below represent current data. This may be different from data contained in reports and awards, which express data as of their publication date.
- 91 Likeliness to Recommend (1 since last award)
- 82 Plan to Renew (18 since last award)
- 85 Satisfaction of Cost Relative to Value (4 since last award)
Emotional Footprint Overview
+91 Net Emotional Footprint
The emotional sentiment held by end users of the software based on their experience with the vendor. Responses are captured on an eight-point scale.
How much do users love Black Duck SCA?
Pros
- Helps Innovate
- Continually Improving Product
- Trustworthy
- Unique Features
How to read the Emotional Footprint
The Net Emotional Footprint measures high-level user sentiment towards particular product offerings. It aggregates emotional response ratings for various dimensions of the vendor-client relationship and product effectiveness, creating a powerful indicator of overall user feeling toward the vendor and product.
While purchasing decisions shouldn't be based on emotion, it's valuable to know what kind of emotional response the vendor you're considering elicits from their users.
Feature Ratings
Policy Engine and Enforcements
SDLC Integration
Software Composition Analysis (SCA)
Dynamic Application Security Testing (DAST)
Mobile Application Security Testing
Interactive Application Security Testing (IAST)
False Positive Remediation
Integrated Development Environment (IDE) plug-in
Risk Scoring
Static Application Security Testing (SAST)
Container Security Testing
Vendor Capability Ratings
Ease of IT Administration
Ease of Data Integration
Availability and Quality of Training
Vendor Support
Business Value Created
Breadth of Features
Ease of Customization
Quality of Features
Product Strategy and Rate of Improvement
Ease of Implementation
Usability and Intuitiveness
Black Duck SCA Reviews
Adnan K.
- Role: Information Technology
- Industry: Engineering
- Involvement: End User of Application
Submitted Nov 2024
Black Duck - leader in application security testin
Likeliness to Recommend
What differentiates Black Duck SCA from other similar products?
Real-Time Alerts and Notifications
What is your favorite aspect of this product?
snippet scanning
What do you dislike most about this product?
Higher Cost for Licensing and Deployment. Black Duck is often considered a premium solution, and its cost can be a barrier for smaller teams or companies. License costs can grow significantly with larger codebases and complex configurations.
What recommendations would you give to someone considering this product?
Synopsys software integrity group is now operating as an independent company - Black Duck. This product is no longer a part of Synopsys offering.
Pros
- Enables Productivity
- Trustworthy
- Unique Features
- Altruistic
Ram S.
- Role: Information Technology
- Industry: Engineering
- Involvement: IT Development, Integration, and Administration
Submitted Apr 2026
Comprehensive open source security tool
Likeliness to Recommend
What differentiates Black Duck SCA from other similar products?
- Strong focus on open source (SCA) security and license compliance
- Extensive vulnerability and component knowledge base
- Accurate detection of open source dependencies (including transitive)
What is your favorite aspect of this product?
- Deep visibility into open source risks and licenses
- Reliable and accurate dependency detection
- Clear policy-based risk management
What do you dislike most about this product?
- Setup and onboarding can be complex
- Scans may take time on large codebases
- UI can feel less intuitive in some areas
What recommendations would you give to someone considering this product?
- Start with policy configuration before running scans
- Integrate early into CI/CD for better results
- Train teams on license compliance and security usage
Pros
- Performance Enhancing
- Inspires Innovation
- Caring
- Saves Time
Ajit J.
- Role: Information Technology
- Industry: Technology
- Involvement: End User of Application
Submitted Apr 2026
Great for Open-Source Risk Visibility
Likeliness to Recommend
What differentiates Black Duck SCA from other similar products?
Its deep dependency and snippet scanning with strong SDLC integrations helps uncover risks that many basic SCA tools miss
What is your favorite aspect of this product?
Quickly highlights vulnerable components and makes prioritization easier for the team.
What do you dislike most about this product?
Initial setup can feel a bit complex, and large scans may take extra time in bigger environments.
What recommendations would you give to someone considering this product?
Teams working heavily with open-source libraries and looking for strong governance, SBOM visibility, and CI/CD security checks.
Pros
- Continually Improving Product
- Reliable
- Performance Enhancing
- Trustworthy