Accelerate onboarding and testing of GitHub repos with the Black Duck Security app

Authored by Corey Hamilton

Aug 19, 2025 / 2 min read

We're excited to announce the Black Duck Security GitHub app, now available in the GitHub Marketplace. This app streamlines the onboarding and continuous synchronization of GitHub repositories with Black Duck Polaris™ Platform, Black Duck® SCA, and Coverity® Static Analysis, enabling development and security teams to easily configure and automate static application security testing (SAST) and software composition analysis (SCA) scans at scale.


The growing need for fast and effective application security

Fast and effective testing is increasingly crucial, as AI-powered coding assistants such as GitHub Copilot accelerate the pace of development and increase the likelihood of defects and vulnerabilities slipping through the cracks. Despite these advancements and the ever-present pressure to deliver new features and updates faster, organizations must ensure the quality of their software doesn’t suffer.

The GitHub platform offers many advantages for development productivity and efficiency, but many organizations need more comprehensive code scans than what the platform provides to ensure their applications are free of critical coding defects or out-of-date open source components that may introduce security vulnerabilities.

Improving application security without slowing productivity

The Black Duck Security GitHub app makes it easy for organizations to integrate all their GitHub repositories with Coverity, Black Duck SCA, and Polaris. Fast and accurate security scans are automatically configured to run on code commits and/or pull requests, with vulnerability descriptions and remediation guidance added as PR comments right within GitHub workflows. This enables development and security teams to gain best-in-class application security while maintaining development velocity—without ever leaving their GitHub environments.

The Black Duck Security app capabilities include:

  • Bulk onboarding and continuous synchronization. This accelerates the process of adding and maintaining automated security scanning to GitHub repositories across an organization’s full portfolio.
  • Automated SAST and SCA scans. Scans can be triggered by code commits and pull requests, with automated fix pull requests and scan results available as PR comments. This improves application security and accelerates developer productivity by providing actionable feedback within their preferred GitHub workflows.
  • Scalable security testing. This makes it easy to automate policy-based security scans across your entire portfolio. Policies can be configured to break builds and flag violations when they occur.

Driving innovation and ensuring security with GitHub

As businesses increase AI adoption and discover new ways to drive innovation and speed up their development processes, the importance of fast and effective application security becomes even more critical. The Black Duck Security GitHub app helps organizations strike this crucial balance while reaping the benefits of working within their preferred GitHub workflows. This ensures security remains a top priority without sacrificing delivery speed or the quality of their applications.
