Black Duck scans your projects and containers for open source, either as source or as binaries, helping you manage security vulnerabilities and licensing risks before they become problems. It enables you to review and prioritize vulnerabilities, assign remediation dates, and track closure. Black Duck also checks the licenses for risk levels and verifies use against company policies. After the scan, Black Duck continuously monitors for new vulnerabilities reported against open source libraries in use within your applications, enabling you to quickly respond to newly identified vulnerabilities.
Code Sight is an IDE plug-in that helps developers address security defects in real time as they code, so they can quickly find and fix security risks in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) files before code commit and integration.
Coverity finds critical defects and security vulnerabilities in software during development, before it reaches customers. It helps developers save time by finding issues early, and helps manage risk to enable better release decisions. Coverity supports over a dozen programming languages and a broad range of defect and vulnerability types.
Defensics is a comprehensive, powerful, and automated black box solution that enables you to effectively and efficiently discover and remediate security weaknesses in software. By taking a systematic and intelligent approach to negative testing, Defensics allows you to ensure software security without compromising on product innovation, increasing time to market, or inflating operational costs.
Polaris is an integrated, cloud-based application security testing solution optimized for the needs of development and DevSecOps teams. Polaris brings our market-leading security analysis engines together in a unified platform, giving teams the flexibility to run different tests at different times based on application, project, schedule, or SDLC events.
Seeker, our interactive application security testing (IAST) solution, gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). Seeker’s seamless integration into CI/CD workflows enables fast IAST at DevOps speed.
Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.
Continuous Dynamic is a SaaS dynamic application security testing (DAST) solution that identifies readily exploitable vulnerabilities in web applications. Continuous Dynamic is production-safe and can be run continuously to help teams find vulnerabilities before hackers do.