Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.
Trigger application security tests—like SAST and SCA—based on pipeline events including build, SCM check-in, preproduction unit testing, and more.
Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within their existing tools and workflows.
Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework.
The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.
Upload binaries to Black Duck for static analysis. Review scan results from within Eclipse to remediate security findings in your apps.
Upload binaries to Black Duck for static analysis. Review scan results from within IntelliJ to remediate security findings in your apps.
Compile and upload apps to Black Duck for static analysis. Identify security findings, view datapath info, and get remediation guidance within Microsoft Visual Studio.
Android Studio
PhpStorm
Visual Studio
Eclipse IDE
PyCharm
Visual Studio Code
IBM
QNX Momentics Tool Suite
WebStorm
IntelliJ IDEA
RubyMine
Wind River
Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.
Automate Black Duck SAST or SCA scanning of your application code from within GitHub.
Automate Black Duck SAST or SCA scanning of your application code with GitLab.
Black Duck Security Scan Pipe integrates Black Duck security testing into your Bitbucket pipeline.
GitHub
Azure DevOps
Azure Repos
Bitbucket
GitLab
Black Duck’s security tools integrate with leading build and CI tools to add security into CI/CD pipelines. Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.
Perform SAST or SCA scans on each new build with integration to GitLab templates.
Perform SAST or SCA scans on each new build with integration to GitHub Actions.
Black Duck Jenkins Plugin automates building, uploading, and scanning of application code in Jenkins pipelines.
AWS CodeBuild
CircleCI
sbt
GitHub
Azure DevOps
CloudBees
TeamCity
GitLab
Azure Pipelines
CodeShip
Gradle
Travis CI
Bamboo
Concourse
Jenkins
Wind River Studio
Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.
Integrate Black Duck Static Analysis scanning with Apache Maven into existing build processes that you use in your SDLC.
Integrate Black Duck Static Analysis scanning with Gogradle into existing build processes that you use in your SDLC.
Integrate Static Analysis scanning with npm to seamlessly add static scanning into existing build processes that you use in your SDLC.
Bazel
Composer
Go Module CLI
Maven
Pip
Yarn
Bower
CPAN
Go Vndr
npm
Poetry
Yocto Project (YP)
Cargo
Conan
Gogradle
NuGet
Rebar3
CocoaPods
Conda
Lerna
Packrat
RubyGems
Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.
Identify source code and open source dependency violations in Artifactory repositories.
Scan Docker images for threats with Black Duck Binary Analysis integration.
Streamline AppSec testing of images in Google containers.
Amazon ECR
Artifactory
Nexus Repository
Azure
Docker Registry
Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.
The Black Duck plugin for JIRA creates issues based on vulnerabilities and issue policy violations detected by Black Duck.
Black Duck and Secure Code Warrior provide an integrated solution to prevent security issues at the developer desktop to accelerate time to remediation.
The Black Duck plugin for Slack allows you to create Slack notifications based on vulnerabilities and policy violations detected by Black Duck.
Azure Boards
Secure Code Warrior
Bugzilla
Slack
Jira Software
SPDX
Microsoft Teams
Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.
Black Duck’s ASPM solution can ingest vulnerability findings from Checkmarx into Polaris for a complete and centralized view of application risk posture across your organization.
Black Duck’s ASPM solution can ingest vulnerability findings from Snyk into Polaris for a complete and centralized view of application risk posture across your organization.
Black Duck’s ASPM solution can ingest vulnerability findings from Veracode into Polaris for a complete and centralized view of application risk posture across your organization.
Acunetix
Aqua
CxIAST
Clang
Contrast Assess
Errcheck
Fortify
Gendarme
HCL AppScan
JSHint
Netsparker
NowSecure INTEL
Parasoft C/C++test
PHP_CodeSniffer
Qualys Vulnerability Management (VM)
Scalastyle
Snyk Container
Staticcheck
Trustwave App Scanner
Veracode Static Analysis
WhiteSource
Q-mast
Anchore Enterprise
Arachni
CxSCA
Code Cracker
Cppcheck
Error Prone
Fortify
Gocyclo
Ineffassign
Microsoft
Nexus Lifecycle
NowSecure
Parasoft dotTEST
Qualys Web Application Scanning (WAS)
SD Elements
Snyk Open Source
Tenable.io
Veracode Dynamic Analysis
Vet
CoGuard - Infrastructure Security and Automation
IriusRisk Threat Modeling
Android Studio Lint
Brakeman
CxSAST
CodePeer
Dependency-Check
ESLint
Fortify WebInspect
Golint
JFrog Xray
Mobile Secure
Nmap
OCLint
Parasoft Jtest
Prisma Cloud
Retire.js
Security Code Scan
Snyk Open Source License Compliance Management
Tenable.sc
Veracode Manual Penetration Testing (MPT)
Vex
Cycode
Visual Studio Code Analysis
AppSecAI Expert Triage Automation
AppSpider
Burp Suite Enterprise Edition
Burp Suite Professional
Checkstyle
CodeSonar
Dependency-Track
Find Security Bugs
Gosec
Jlint
Nessus
NowSecure Auto
OWASP ZAP
PHP Mess Detector
Pylint
SafeSQL
SpotBugs
sqlmap
ThunderScan
Veracode Software Composition Analysis (SCA)
Vigilant Ops
Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.
Deploy compliant code releases tested by Black Duck to the cloud with Amazon Web Services.
Deploy compliant code releases tested by Black Duck to the cloud with Google Cloud.
Deploy compliant containerized apps tested by Black Duck with Kubernetes.
Amazon Web Services (AWS)
Kubernetes (K8s)
Cloud Foundry
Microsoft Azure
Google Cloud
Red Hat OpenShift
IBM Cloud Pak for Applications
VMware Tanzu