If it's being used out of the box and there's no need for any changes or more. Black Duck Software announced today the availability of Black Duck Code Center software to help manufacturers accelerate software development through the managed use of open source and third-party code. The PHP Knowledge Base open source project on Open Hub. Android and enterprise benefit from mobile open source. Black Duck Software Composition Analysis (SCA), Synopsys. The Black Duck knowledge base covers on the order of 160,000. Black Duck Software announced this morning that CodePlex projects are now searchable via and have also been incorporated into its open source knowledge base repository. It enabled software developers to easily search and browse source code in thousands of projects posted at hundreds of open source repositories. Built on the Black Duck KnowledgeBase, the most comprehensive database of open source component, vulnerability, and license information, Black Duck software composition analysis solutions and open source audits give you the insight you need to track the open source in your code, mitigate security and license compliance risks, and automatically enforce open source policies using your. Its companion service, Black Duck protexIP/registry, enables software vendors to place their code in the knowledge base, after it has been scanned for IP violations by the protexIP/development. Black Duck gives development, operations, procurement, and security teams the tools they need to minimize the security, compliance, and code quality risks of open source and other third-party software, while still realizing the benefits that come with it.
Black Duck offers developers a new tool to manage code. According to the Black Duck knowledge base, the GPLv2 is the second most popular license, adopted by 14 percent of OSS projects. The GPLv3 used by Ethereum is the updated version of the GPLv2. So, if you look at Black Duck's history, we've been talking about license. This software covers more than 530 billion lines of open source code from more than 900 websites, repositories, and forges. The Black Duck product uses a 50GB knowledge base, which is updated with new code from the open-source community through the use of spiders. The industry's most comprehensive database of open source project, license, and security information. The Black Duck KnowledgeBase is the industry's most comprehensive database of open source information. Compliance-management solution protexIP is now available as an on-demand subscription, rendering it an affordable choice for small ISVs. Open source code quality analysis, Black Duck Software. It would feature full-text search, authentication and authorization (hide sections of the tree), HTML documents could be uploaded, and an included HTML editor to allow authoring and editing of knowledge base articles directly in the application. Blackduck suite, share and discover knowledge on LinkedIn. Black Duck Software: managing and securing your open source.
As part of our open source security services, Black Duck performs an open source and third-party code audit from which a bill of. So far, Black Duck has not set any policy on whether more ads will be displayed on the site. Palamida, Black Duck advance IP wares at LinuxWorld. The KB is updated in real time with open source project and component updates. Black Duck Software, a provider of software compliance management solutions, has released transactIP™, a new hosted solution that evaluates the integrity of software code as part of due diligence before a software asset is purchased. Black Duck KnowledgeBase (KB) is the world's largest knowledge base of open source components and their risks. Ken Hampson, principal software engineer, Black Duck Knowledge Base at Synopsys Inc, Greater Boston area, computer software. Code Center manages software component selection, project approval and license tracking designed to maximize benefits to organizations from their reuse of open source and other third-party. Black Duck Software releases major update to KnowledgeBase. The main difference between Black Duck and other solutions is the way the software identifies the open source. Identify and inventory open source software used in applications; map to known vulnerabilities and license requirements; continuously monitor and alert for new open source vulnerabilities; assist teams in remediation with orchestration and policy enforcement. Android, iOS attracted open source developers in 2010, PC. We are working on improving open source culture in our company and customers. This is built by an expert team who continually curates and validates data amassed from a multitude of sites and forges.
In addition to identifying potential license issues, a Black Duck open source software security audit provides insight into other risks in your organization's code base and a high-level action plan to help prioritize research and potential remediation across the various categories of risk. Black Duck Hub is an open source management software for web developers to discover, monitor and manage open source security vulnerabilities and license compliance. Now, licensing detection software vendor Black Duck is jumping into the fray by providing a public resource that includes the benefit of Black Duck efforts detailing open source license usage. Black Duck Software Composition Analysis: secure and manage open source throughout the software supply chain. Overview: Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers.
The Black Duck KnowledgeBase™ is the backbone of the open source security and management solutions from Synopsys. Black Duck moves IP protection to the lawyer's office. Black Duck is an open source knowledge base software for security vulnerabilities and license compliance. For the avoidance of doubt, the appendices econfinance audit summary. It is maintained by the Synopsys Cybersecurity Research Center (CyRC), the industry's most experienced team of open source experts. A Black Duck open source security audit provides an actionable, comprehensive list of security, legal, and operational risks associated with open source components currently in use within your company's code base(s). The setup is on-premises but the knowledge base is through the cloud. To learn more about the Black Duck Hub API, visit their page te.
The Koders site covers about 80,000 open source projects. In total, the Black Duck knowledge base holds approximately 71 gigabytes of code, Levin said. Black Duck Software powers, a code search engine for open source, and, a free public directory of open-source software. Black Duck Hub enables users to automate the process of securing open source software and managing security vulnerabilities and open source license compliance and operational risk with scanning, monitoring. No code available to analyze: Open Hub computes statistics on FOSS projects by examining source code and commit history in source code management systems. Black Duck software composition analysis combines versatile open source risk management and deep binary inspection in a best-in-class solution. Intel Corporation: we selected Black Duck because its knowledge base of open source software and the maintenance of that knowledge base were more robust than other solutions, and the more robust the knowledge base, the lower the risk that licensed software. The big legal issue blockchain developers rarely discuss. Black Duck report means the professional services analysis issued by Black Duck Software Inc. Black Duck Software reports strongest first quarter in. Black Duck Hub is a very good tool for awareness about legal, security and operational risks in using open source components. The broker exposes the Black Duck scanning service on the marketplace and allows users to directly create service instances and bind them to their applications either from Tanzu Apps Manager or from. We have a spider group with manual and automated tools that has resulted in the knowledge base, Douglas Levin, president and CEO of Black Duck. The solutions are designed based on the Black Duck KnowledgeBase, which is a complete database of open source license information, component, and.
The Black Duck service broker for Tanzu enables software teams to easily add the scanning service from Tanzu Apps Manager or from the command line. Black Duck is announcing that its protexIP knowledge base has been expanded recently by more than 10,000 commercial product versions from more than 1,000 companies. Palamida, Black Duck advance IP wares was originally published by InfoWorld. Our engineering team will be reaching out to better understand your ease-of-use issues, including any specific feedback on licensing and analysis workflow required.
Black Duck report: legal definition of Black Duck report. PRNewswire: today at the Android Developer Conference (AnDevCon III), Black Duck Software announced an analysis of open source mobile project data which. A very good thing is that it provides features for code scanning. For over 15 years, security, development, and legal teams around the globe have relied on Black Duck to help them manage the risks that come with the use of open source. An open source quality analysis evaluates key software quality criteria such as code reliability, efficiency, and maintainability to help organizations manage operational risk, reduce support costs, and anticipate. Black Duck Hub enables users to automate the process of securing open source software and managing security vulnerabilities and open source license compliance and operational risk with scanning, monitoring, alerting technology. The Olliance Group, a Black Duck company, provides strategy and consulting related to open-source software. Black Duck Software releases major update to KnowledgeBase, industry's most extensive database of open source code components. On April 28, 2008, it was announced that Black Duck Software would acquire. Black Duck, being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code. With Black Duck Hub, businesses can access a vast knowledge base regarding open source code and software.