Integration Partner:

BlackDuck by Synopsys

Software Composition Analysis for Open Source Libraries

Black Duck’s application security suite integrations give users a “single pane of glass” view of application vulnerabilities across both the custom code and open source components that make up their applications. By cross-referencing the code libraries used in the container against the National Vulnerability Database (NVD) and Black Duck’s expanded library of vulnerability data, security teams are able to quickly identify vulnerabilities as they are introduced.

Create a Unified View of Your Application Security Program with Black Duck Hub and ThreadFix

Presented: December 16, 2020

A common problem in vulnerability remediation can occur as a result of the normal development process. Dev teams who utilize open source code libraries to speed up the development process inadvertently introduce new vulnerabilities, adversely affecting the organization’s security posture.

Learn how to create a single, unified view of your application security program across traditional SAST/DAST & IAST and manual testing processes by integrating ThreadFix with Black Duck Hub.

This Webinar Demonstrates How To:

  • Identify security issues associated with open source component usage
  • Detect security issues created by internally-developed components
  • Provide a comprehensive view of your organization’s application security posture

Integration Features

Define Policies for Secure Production

Set security policies for open source use, security risk, and license compliance from the start to identify & avoid vulnerabilities as you code.

Leverage SAST + SCA Scanning Insights

Combining static application security testing (SAST) with software composition analysis (SCA) allows you to improve build quality & lower remediation costs with early identification of issues in your source code.

Automate DevOps Testing

Schedule scans & set pass/fail standards for when builds need to be stopped and vulnerabilities passed back to developers as defects.
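The two mechanisms described above, matching an application’s open source dependencies against a vulnerability feed such as the NVD and then applying a pass/fail policy to the build, can be illustrated with a small stand-alone script. The following is an added example written for this page; it is not Black Duck or ThreadFix code and does not use their APIs. The dependency manifest, the vulnerability feed, the package names, the CVE-style identifiers (placeholders) and the function names (`parse_manifest`, `match_vulnerabilities`, `evaluate_policy`, `scan`) are all constructed for illustration. It generalizes the text slightly by showing version-range matching of the kind an NVD CPE record expresses (affected from a start version up to, but excluding, the fixed version).

```python
"""
Constructed example: cross-reference an application's open source
dependencies against a small, locally embedded vulnerability feed in the
style of NVD records, then apply a build policy (pass/fail) of the kind an
SCA gate in CI would enforce. Package names, versions, CVE identifiers and
severities below are made up; nothing here is Black Duck's or ThreadFix's
own code or data.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed dependency manifest (the shape of a pinned requirements file).
MANIFEST = """
requests==2.19.0
pyyaml==5.3.1
urllib3==1.26.5
example-logger==0.9.2
"""

# Constructed vulnerability feed. Each record mimics an NVD-style match:
# affected package, inclusive start version, exclusive end (fix) version,
# a placeholder CVE id and a CVSS v3 severity rating.
VULN_FEED = [
    {"package": "requests", "start": "2.0.0", "end": "2.20.0",
     "id": "CVE-XXXX-0001", "severity": "HIGH"},
    {"package": "pyyaml", "start": "0.0.0", "end": "5.4",
     "id": "CVE-XXXX-0002", "severity": "CRITICAL"},
    {"package": "urllib3", "start": "1.0.0", "end": "1.26.5",
     "id": "CVE-XXXX-0003", "severity": "MEDIUM"},
]

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_version(v: str) -> tuple:
    """Turn '1.26.5' into (1, 26, 5) so versions compare numerically,
    not lexically ('1.10.0' must sort after '1.9.0')."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines into {name: version}, skipping blank
    and comment lines. Names are lower-cased because ecosystems such as
    PyPI treat package names case-insensitively."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        deps[name.strip().lower()] = version.strip()
    return deps


@dataclass
class Finding:
    package: str
    version: str
    vuln_id: str
    severity: str
    fixed_in: str


def match_vulnerabilities(deps: Dict[str, str], feed: List[dict]) -> List[Finding]:
    """Report every feed record whose [start, end) version range contains
    the installed version of a dependency in the manifest."""
    findings = []
    for rec in feed:
        installed = deps.get(rec["package"])
        if installed is None:
            continue
        v = parse_version(installed)
        if parse_version(rec["start"]) <= v < parse_version(rec["end"]):
            findings.append(Finding(rec["package"], installed, rec["id"],
                                    rec["severity"], rec["end"]))
    return findings


def evaluate_policy(findings: List[Finding], fail_at: str = "HIGH") -> bool:
    """Build gate: True (pass) only if no finding reaches the configured
    severity threshold. With 'HIGH', HIGH and CRITICAL findings stop the
    build while MEDIUM and LOW are passed back to developers as defects."""
    threshold = SEVERITY_RANK[fail_at]
    return all(SEVERITY_RANK[f.severity] < threshold for f in findings)


def scan(manifest: str = MANIFEST, feed: List[dict] = VULN_FEED,
         fail_at: str = "HIGH"):
    """Run the full pipeline and return (findings, build_passed)."""
    findings = match_vulnerabilities(parse_manifest(manifest), feed)
    return findings, evaluate_policy(findings, fail_at)


if __name__ == "__main__":
    findings, passed = scan()
    for f in findings:
        print(f"{f.severity:8} {f.vuln_id} {f.package}=={f.version} "
              f"(fixed in {f.fixed_in})")
    print("BUILD", "PASSED" if passed else "FAILED")
```

Run as-is, the constructed manifest produces a HIGH and a CRITICAL finding and the build fails; `urllib3==1.26.5` sits exactly at the fix version and is correctly not reported, which is the boundary case an off-by-one in range matching would get wrong. Upgrading the two flagged packages to their `fixed_in` versions makes the same gate pass.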

Comply with Open Source Licenses

Identify vulnerable components by mapping them against Black Duck’s library of over 2700 licenses tracked in its knowledgebase.

Partner Resources