What is Black Duck SCA
Black Duck SCA is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications, containers, and infrastructure-as-code (IaC).
Black Duck SCA Integration with Opsera
- Gain Deep Vulnerability Insight. Access in-depth security risk insights provided by the Cybersecurity Research Center (CyRC).
- Find and fix your highest-priority vulnerabilities quickly. Avoid being caught off-guard by open source vulnerabilities, both in development and production. Get the critical data needed to prioritize vulnerabilities for remediation, such as exploit info, remediation guidance, severity scoring, and call path analysis.
- Integrate DevSecOps and automate open source governance. Set thresholds and guardrails within Opsera pipelines. Address security risk and license compliance up front, and automate enforcement across the software development life cycle (SDLC) with the tools your developers already use.
- Continuous integration. Black Duck SCA integrations allow you to configure and automate scanning as part of your CI build process. Scan results are visible within the Opsera user interface. Open source application security, license, and use policies defined in Black Duck SCA can be configured to show alerts within the CI tool or fail a build, allowing you to configure enforcement based on project type and build phase.