Black Duck, Inc.
Member Since: 2024 
800 District Ave
Burlington MA 01803

Telephone:
  

Email:

Business Focus:
Application Security Testing

Products/Services:
? Software composition analysis (SCA). Black Duck Polaris? fAST SCA (SaaS) and Black Duck® SCA (on premises) detect and manage open source and third-party component risks and produce the Software Bill of Materials (SBOM) required for software supply chain initiatives and regulatory requirements. Black Duck uniquely identifies open source in container images and binaries, and it can identify code snippets and licensing issues introduced by AI code-generation tools. ? Static application security testing (SAST). Polaris fAST Static provides a SaaS solution that is readily integrated into development workflows. Coverity® Static Analysis provides on-premises support that extends coverage to critical quality defects and regulatory and compliance testing. Both solutions detect security weaknesses in your proprietary code and infrastructure-as-code files early in the software development life cycle, when they?re least expensive to remediate. ? Dynamic application security testing (DAST). Polaris fAST Dynamic is a SaaS-based, innovative solution providing preproduction dynamic analysis for modern development environments and languages. Black Duck® Continuous Dynamic safely and efficiently performs continuous dynamic analysis on production applications, testing software in the same state as attackers. ? Seeker® Interactive Analysis. Our interactive application security testing (IAST) solution gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards. It enables security teams to identify and track sensitive data to ensure that is it handled securely and not stored in log files or databases with weak or no encryption. ? Application security posture management (ASPM). Software Risk Manager? creates a single source of truth for AST by providing a unified repository for the findings of over 150+ testing solutions, delivering a centralized view of software risk for your agency?what was tested, what was found, and what was fixed. Software Risk Manager gives developers prioritized guidance on what to fix first, helping them make sense of the growing volume of findings.

Clients:
Federal Civilian Government, The Department of Defense, Academia, State and Local Government

Access to Contract Vehicles:
NASA SEWP V, ITES-SW2