Development and DevOps Integrations

Shipping secure, high-quality software at the speeds required by CI/CD pipelines and AI-generated coding is not possible when AppSec is tacked on to the end of development cycles—at least not without some concessions. That's why Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.

Black Duck’s suite of out-of-the-box DevOps integrations, plug-ins, and templates helps enterprises achieve three critical benefits.

Automate risk detection

Test everything as quickly as possible. Trigger application security tests—like SAST and SCA—based on pipeline events including build, SCM check-in, preproduction unit testing, and more. 

Accelerate triage and remediation

Align development and security to fix issues faster. Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within the tools and workflows they already use.

Boost developer productivity

Let developers—and their AI assistants—work quickly. Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework. Empower developers to focus on innovation without losing control over security.

By integrating Black Duck AppSec testing solutions into the SDLC and CI/CD pipelines, you establish closed-loop systems between security and development teams that ensure consistent visibility, optimize efficiency, and greatly reduce the window of opportunity for an attack.

Source code management (SCM) integrations

  • Azure DevOps: Polaris, Coverity, Black Duck, Seeker
  • GitLab: Coverity, Polaris, Black Duck

Integrated development environment (IDE) integrations

  • Android Studio: Coverity
  • PhpStorm: Code Sight, Coverity
  • Visual Studio: Software Risk Manager, Coverity, Code Sight
  • Eclipse IDE: Software Risk Manager, Coverity, Code Sight
  • PyCharm: Code Sight, Coverity
  • Visual Studio Code: Coverity, Code Sight
  • IBM Engineering Workflow Management: Coverity
  • QNX Momentics Tool Suite: Coverity
  • WebStorm: Code Sight, Coverity
  • IntelliJ IDEA: Software Risk Manager, Coverity, Code Sight
  • RubyMine: Code Sight, Coverity
  • Wind River Workbench: Coverity

Package manager integrations

  • Bazel: Black Duck
  • Composer: Black Duck
  • Go Module CLI: Black Duck
  • Maven: Coverity, Black Duck
  • Pip: Black Duck
  • Yarn: Coverity, Black Duck
  • Bower: Coverity
  • Comprehensive Perl Archive Network (CPAN): Black Duck
  • Go Vndr: Black Duck
  • npm: Coverity, Black Duck
  • Poetry: Black Duck
  • Yocto Project (YP): Black Duck
  • Cargo: Black Duck
  • Conan: Black Duck
  • Gogradle: Black Duck
  • NuGet: Black Duck
  • Rebar3: Black Duck
  • CocoaPods: Black Duck
  • Conda: Black Duck
  • Lerna: Black Duck
  • Packrat: Black Duck
  • RubyGems: Black Duck

Build and CI integrations

  • AWS CodeBuild: Black Duck
  • CircleCI: Black Duck
  • sbt: Black Duck
  • GitHub: Coverity, Polaris, Black Duck
  • Azure DevOps: Polaris, Coverity, Black Duck, Seeker
  • CloudBees Software Delivery Automation: Black Duck
  • TeamCity: Software Risk Manager, Black Duck
  • GitLab: Coverity, Polaris, Black Duck
  • Azure Pipelines: Tinfoil, Coverity, Black Duck
  • CodeShip: Black Duck
  • Gradle: Coverity, Black Duck
  • Travis CI: Black Duck
  • Bamboo: Tinfoil, Coverity, Black Duck
  • Concourse: Black Duck
  • Jenkins: Software Risk Manager, Coverity, Black Duck, Seeker, Tinfoil
  • Wind River Studio: Coverity

Binary repository integrations

  • Amazon Elastic Container Registry (ECR): Black Duck
  • Google Container Registry: Black Duck
  • Artifactory: Black Duck
  • Nexus Repository: Black Duck
  • Azure Container Registry: Black Duck
  • Docker Registry: Black Duck

Workflow and notifications integrations

  • Azure Boards: Black Duck
  • Secure Code Warrior: Software Risk Manager, Coverity, Seeker
  • Bugzilla: Coverity
  • Slack: Black Duck, Seeker, Software Risk Manager
  • Jira Software: Coverity, Black Duck, Seeker, Polaris, Software Risk Manager
  • Software Package Data Exchange (SPDX): Black Duck
  • Microsoft Teams: Black Duck, Software Risk Manager

Security testing integrations

  • Acunetix: Software Risk Manager
  • Aqua Cloud Native Security Platform (CNAPP): Software Risk Manager
  • Checkmarx Interactive Application Security Testing (CxIAST): Software Risk Manager
  • Clang Static Analyzer: Software Risk Manager
  • Contrast Assess: Software Risk Manager
  • Errcheck: Software Risk Manager
  • Fortify Software Security Center: Software Risk Manager
  • Gendarme: Software Risk Manager
  • HCL AppScan: Software Risk Manager
  • JSHint: Software Risk Manager, Coverity
  • Netsparker: Software Risk Manager
  • NowSecure INTEL: Software Risk Manager
  • Parasoft C/C++test: Software Risk Manager
  • PHP_CodeSniffer: Software Risk Manager
  • Qualys Vulnerability Management (VM): Software Risk Manager
  • Scalastyle: Software Risk Manager
  • Snyk Container: Software Risk Manager
  • Staticcheck: Software Risk Manager
  • Trustwave App Scanner: Software Risk Manager
  • Veracode Static Analysis: Software Risk Manager
  • WhiteSource: Software Risk Manager
  • Q-mast: Software Risk Manager
  • Anchore Enterprise: Software Risk Manager
  • Arachni: Software Risk Manager
  • Checkmarx Software Composition Analysis (CxSCA): Software Risk Manager
  • Code Cracker: Software Risk Manager
  • Cppcheck: Software Risk Manager
  • Error Prone: Software Risk Manager
  • Fortify Static Code Analyzer: Software Risk Manager
  • Gocyclo: Software Risk Manager
  • Ineffassign: Software Risk Manager
  • Microsoft Threat Modeling Tool: Software Risk Manager
  • Nexus Lifecycle: Software Risk Manager
  • NowSecure Workstation: Software Risk Manager
  • Parasoft dotTEST: Software Risk Manager
  • phpcs-security-audit: Software Risk Manager
  • Qualys Web Application Scanning (WAS): Software Risk Manager
  • SD Elements: Software Risk Manager
  • Snyk Open Source: Software Risk Manager
  • Tenable.io: Software Risk Manager
  • Veracode Dynamic Analysis: Software Risk Manager
  • Vet: Software Risk Manager
  • CoGuard - Infrastructure Security and Automation: Coverity
  • Android Studio Lint: Software Risk Manager
  • Brakeman: Software Risk Manager
  • Checkmarx Static Application Security Testing (CxSAST): Software Risk Manager
  • CodePeer: Software Risk Manager
  • Dependency-Check: Software Risk Manager
  • ESLint: Software Risk Manager
  • Fortify WebInspect: Software Risk Manager
  • Golint: Software Risk Manager
  • JFrog Xray: Software Risk Manager
  • Mobile Secure: Software Risk Manager
  • Nmap: Software Risk Manager
  • OCLint: Software Risk Manager
  • Parasoft Jtest: Software Risk Manager
  • Prisma Cloud: Software Risk Manager
  • Retire.js: Software Risk Manager
  • Security Code Scan (SCS): Software Risk Manager
  • Snyk Open Source License Compliance Management: Software Risk Manager
  • Tenable.sc: Software Risk Manager
  • Veracode Manual Penetration Testing (MPT): Software Risk Manager
  • Vex: Software Risk Manager
  • Cycode: Black Duck, Coverity
  • AppSpider: Software Risk Manager
  • Burp Suite: Software Risk Manager
  • Checkstyle: Software Risk Manager
  • CodeSonar: Software Risk Manager
  • Dependency-Track: Software Risk Manager
  • Find Security Bugs: Software Risk Manager
  • GDS PMD Secure Coding Ruleset: Software Risk Manager
  • Gosec: Software Risk Manager
  • Jlint: Software Risk Manager
  • Nessus: Software Risk Manager
  • NowSecure Auto: Software Risk Manager
  • OWASP Zed Attack Proxy (ZAP): Software Risk Manager
  • PHP Mess Detector (PHPMD): Software Risk Manager
  • Pylint: Software Risk Manager
  • SafeSQL: Software Risk Manager
  • SpotBugs: Software Risk Manager, Coverity
  • sqlmap: Software Risk Manager
  • ThunderScan: Software Risk Manager
  • Veracode Software Composition Analysis (SCA): Software Risk Manager
  • Visual Studio Code Analysis: Software Risk Manager, Coverity
  • IriusRisk Threat Modeling: Software Risk Manager

Vulnerability management integrations

  • Deepfactor Developer Security: Black Duck
  • SonarQube: Coverity, Software Risk Manager
  • Botprise: Seeker
  • Nucleus: Black Duck

Production deployment integrations

  • Amazon Web Services (AWS): Seeker
  • Kubernetes (K8s): Black Duck
  • Cloud Foundry: Seeker
  • Microsoft Azure: Black Duck
  • Google Cloud: Black Duck
  • Red Hat OpenShift: Black Duck, Seeker
  • IBM Cloud Pak for Applications: Black Duck
  • VMware Tanzu: Seeker