Find and fix open source vulnerabilities with the Black Duck Hub
The Black Duck Hub helps security and development teams identify and mitigate open source related risks across an application portfolio. Use the Black Duck Hub to:
- Scan code to identify specific open source in use
- Automatically map known vulnerabilities to open source in use
- Triage – assess risk and prioritize vulnerabilities
- Schedule and track remediation
- Identify licenses and community activity
Gaining visibility into what open source is in your codebase is the first step in securing open source. Visibility means knowing not only what open source libraries are in use, but also where and how they are used. The Black Duck Hub continuously scans your code to identify specific open source libraries and versions. Updated regularly from the National Vulnerability Database (NVD) and from VulnDB, a more comprehensive and timely vulnerability database, the Black Duck® KnowledgeBase™ maps the open source libraries with critical metadata on vulnerabilities, licensing, community activity, and versions.
The Black Duck Hub continuously scans your projects for newly introduced open source, and helps you manage security vulnerabilities before they become problems. It enables you to review and prioritize vulnerabilities, assign remediation dates, and track closure. Black Duck Hub automatically monitors for new vulnerabilities that are later reported against open source libraries in use within your applications, enabling you to quickly respond to newly identified vulnerabilities.
- Identify open source in code, binaries, and containers
- Map known vulnerabilities in your applications
- Assess license and community activity risk
- Review risk metrics and impact of vulnerabilities
- Assess impact and prioritize actions
- Triage, schedule, and track remediation
- Monitor for new vulnerabilities
- Create and enforce open source usage policies
- Manage approval requests and exceptions
- Black Duck Hub is the open source security management tool which incorporates VulnDB.
- 40% more vulnerabilities than the National Vulnerability Database (NVD)
- Vulnerabilities posted three weeks sooner than NVD
- Deeper vulnerability analysis than NVD alone
About Black Duck Software
Black Duck Software is the partner of choice for open source software adoption, governance and management. Enterprises of every size depend on their products to harness the power of open source technologies and methods. As part of the greater open source community, Black Duck Software connects developers to comprehensive resources through Open Hub, and to the latest commentary from industry experts through the Open Source Delivers blog. More details…
Find our more…
For more information on how the Black Duck Hub can help your organisation identify and mitigate open source related risks please complete the form below.