Development and DevOps Integrations
Shipping secure, high-quality software at the speeds required by CI/CD pipelines and AI-generated coding is not possible when AppSec is tacked on to the end of development cycles—at least not without some concessions. That's why Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.
Black Duck’s suite of out-of-the-box DevOps integrations, plug-ins, and templates help enterprises to achieve three critical benefits.
Automate risk detection
Test everything as quickly as possible. Trigger application security tests—like SAST and SCA—based on pipeline events including build, SCM check-in, preproduction unit testing, and more.
Accelerate triage and remediation
Align development and security to fix issues faster. Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within the tools and workflows they already use.
Boost developer productivity
Let developers—and their AI assistants—work quickly. Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework. Empower developers to focus on innovation without losing control over security.
By integrating Black Duck AppSec testing solutions into the SDLC and CI/CD pipelines, you establish closed-loop systems between security and development teams that ensure consistent visibility, optimize efficiency, and greatly reduce the window of opportunity for an attack.
- SCM
- IDE
- Package
manager - Build
and CI - Binary
repository - Workflow and
notifications - Security
testing - Vulnerability
management - Production
deployment
-
✕
- Black Duck
- Coverity
- Software Risk Manager
- Code Sight
- Polaris
- Seeker
Source code management (SCM) integrations
Azure DevOps
polaris coverity black duck seeker
GitLab
coverity polaris black duck
Integrated development environment (IDE) integrations
Android Studio
coverity
PhpStorm
code sight coverity
Visual Studio
software risk manager coverity code sight
Eclipse IDE
software risk manager coverity code sight
PyCharm
code sight coverity
Visual Studio Code
coverity code sight
IBM Engineering Workflow Management
coverity
QNX Momentics Tool Suite
coverity
WebStorm
code sight coverity
IntelliJ IDEA
software risk manager coverity code sight
RubyMine
code sight coverity
Wind River Workbench
coverity
Package manager integrations
Bazel
black duck
Composer
black duck
Go Module CLI
black duck
Maven
coverity black duck
Pip
black duck
Yarn
coverity black duck
Bower
coverity
Comprehensive Perl Archive Network (CPAN)
black duck
Go Vndr
black duck
npm
coverity black duck
Poetry
black duck
Yocto Project (YP)
black duck
Cargo
black duck
Conan
black duck
Gogradle
black duck
NuGet
black duck
Rebar3
black duck
CocoaPods
black duck
Conda
black duck
Lerna
black duck
Packrat
black duck
RubyGems
black duck
Build and CI integrations
AWS CodeBuild
black duck
CircleCI
black duck
sbt
black duck
GitHub
coverity polaris black duck
Azure DevOps
polaris coverity black duck seeker
CloudBees Software Delivery Automation
black duck
TeamCity
software risk manager black duck
GitLab
coverity polaris black duck
Azure Pipelines
tinfoil coverity black duck
CodeShip
black duck
Gradle
coverity black duck
Travis CI
black duck
Bamboo
tinfoil coverity black duck
Concourse
black duck
Jenkins
software risk manager coverity black duck seeker tinfoil
Wind River Studio
coverity
Binary repository integrations
Amazon Elastic Container Registry (ECR)
black duck
Google Container Registry
black duck
Artifactory
black duck
Nexus Repository
black duck
Azure Container Registry
black duck
Docker Registry
black duck
Workflow and notifications integrations
Azure Boards
black duck
Secure Code Warrior
software risk manager coverity seeker
Bugzilla
coverity
Slack
black duck seeker software risk manager
Jira Software
coverity black duck seeker polaris software risk manager
Software Package Data Exchange (SPDX)
black duck
Microsoft Teams
black duck software risk manager
Security testing integrations
Acunetix
software risk manager
Aqua Cloud Native Security Platform (CNAPP)
software risk manager
Checkmarx Interactive Application Security Testing (CxIAST)
software risk manager
Clang Static Analyzer
software risk manager
Contrast Assess
software risk manager
Errcheck
software risk manager
Fortify Software Security Center
software risk manager
Gendarme
software risk manager
HCL AppScan
software risk manager
JSHint
software risk manager coverity
Netsparker
software risk manager
NowSecure INTEL
software risk manager
Parasoft C/C++test
software risk manager
PHP_CodeSniffer
software risk manager
Qualys Vulnerability Management (VM)
software risk manager
Scalastyle
software risk manager
Snyk Container
software risk manager
Staticcheck
software risk manager
Trustwave App Scanner
software risk manager
Veracode Static Analysis
software risk manager
WhiteSource
software risk manager
Q-mast
software risk manager
Anchore Enterprise
software risk manager
Arachni
software risk manager
Checkmarx Software Composition Analysis (CxSCA)
software risk manager
Code Cracker
software risk manager
Cppcheck
software risk manager
Error Prone
software risk manager
Fortify Static Code Analyzer
software risk manager
Gocyclo
software risk manager
Ineffassign
software risk manager
Microsoft Threat Modeling Tool
software risk manager
Nexus Lifecycle
software risk manager
NowSecure Workstation
software risk manager
Parasoft dotTEST
software risk manager
phpcs-security-audit
software risk manager
Qualys Web Application Scanning (WAS)
software risk manager
SD Elements
software risk manager
Snyk Open Source
software risk manager
Tenable.io
software risk manager
Veracode Dynamic Analysis
software risk manager
Vet
software risk manager
CoGuard - Infrastructure Security and Automation
coverity
Android Studio Lint
software risk manager
Brakeman
software risk manager
Checkmarx Static Application Security Testing (CxSAST)
software risk manager
CodePeer
software risk manager
Dependency-Check
software risk manager
ESLint
software risk manager
Fortify WebInspect
software risk manager
Golint
software risk manager
JFrog Xray
software risk manager
Mobile Secure
software risk manager
Nmap
software risk manager
OCLint
software risk manager
Parasoft Jtest
software risk manager
Prisma Cloud
software risk manager
Retire.js
software risk manager
Security Code Scan (SCS)
software risk manager
Snyk Open Source License Compliance Management
software risk manager
Tenable.sc
software risk manager
Veracode Manual Penetration Testing (MPT)
software risk manager
Vex
software risk manager
Cycode
black duck coverity
AppSpider
software risk manager
Burp Suite
software risk manager
Checkstyle
software risk manager
CodeSonar
software risk manager
Dependency-Track
software risk manager
Find Security Bugs
software risk manager
GDS PMD Secure Coding Ruleset
software risk manager
Gosec
software risk manager
Jlint
software risk manager
Nessus
software risk manager
NowSecure Auto
software risk manager
OWASP Zed Attack Proxy (ZAP)
software risk manager
PHP Mess Detector (PHPMD)
software risk manager
Pylint
software risk manager
SafeSQL
software risk manager
SpotBugs
software risk manager coverity
sqlmap
software risk manager
ThunderScan
software risk manager
Veracode Software Composition Analysis (SCA)
software risk manager
Visual Studio Code Analysis
software risk manager coverity
IriusRisk Threat Modeling
software risk manager
Vulnerability management integrations
Deepfactor Developer Security
black duck
SonarQube
coverity software risk manager
Botprise
seeker
Nucleus
black duck
Production deployment integrations
Amazon Web Services (AWS)
seeker
Kubernetes (K8s)
black duck
Cloud Foundry
seeker
Microsoft Azure
black duck
Google Cloud
black duck
Red Hat OpenShift
black duck seeker
IBM Cloud Pak for Applications
black duck
VMware Tanzu
seeker