Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.

Automate risk detection

Trigger application security tests based on pipeline events including build, SCM check-in, preproduction unit testing, and more.

Accelerate triage and remediation

Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within their existing tools and workflows.

Boost developer productivity

Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework.
IDE
SCM
Build and CI
Package manager
Binary repository
Workflow and notifications
Security testing
Production deployment
IDE

Integrated development environment (IDE) integrations

The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.

Eclipse logo
software risk manager, coverity, code sight

Eclipse

Upload binaries to Black Duck for static analysis. Review scan results from within Eclipse to remediate security findings in your apps.
IJ logo
software risk manager, coverity, code sight

IntelliJ IDEA

Upload binaries to Black Duck for static analysis. Review scan results from within Intellij to remediate security findings in your apps.
Visual Studio logo
Software risk manager, coverity code sight

Visual Studio

Compile and upload apps to Black Duck for static analysis. Identify security findings, view datapath info, and get remedition guidance within Microsoft Visual Studio.
Android Studio
Coverity

Android Studio

PyCharm
code sight, coverity

PyCharm

IBM Engineering Workflow Management
Coverity

IBM

RubyMine
code sight coverity

RubyMine

PhpStorm
Code sight, Coverity

PhpStorm

Visual Studio Code
coverity, code sight

Visual Studio Code

QNX Momentics Tool Suite
Coverity

QNX Momentics Tool Suite

Wind River Workbench
Coverity

Wind River

WebStorm
code sight, coverity

WebStorm

SCM

Source Code Management (SCM) integrations

Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.

Github logo
coverity, polaris, black duck

GitHub

Automate Black Duck SAST or SCA scanning of your application code from within GitHub.
GitLab logo
coverity, polaris, black duck

GitLab

Perform SAST or SCA scans on each new build with integration to GitLab templates.
Bitbucket logo
coverity, software risk manager

Bitbucket

Black Duck Security Scan Pipe integrates Black Duck security testing into your Bitbucket pipeline.
Azure DevOps Server
polaris, coverity, black duck seeker

Azure DevOps

Azure Repos
coverity

Azure Repos

Build and CI

Build and CI integrations

Black Duck’s security tools integrate with leading build and CI tools to add security into  CI/CD pipelines.  Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.

Github logo
Coverity, Polaris, Black Duck

GitHub

Automate Black Duck SAST or SCA scanning of your application code from within GitHub.
GitLab logo
coverity, polaris, black duck

GitLab

Perform SAST or SCA scans on each new build with integration to GitLab templates.
Jenkins logo
software risk manager, coverity, black duck, seeker, tinfoil

Jenkins

Black Duck Jenkins Plugin automates building, uploading, and scanning of application code in Jenkins pipelines.
AWS CodeBuild
black duck

AWS CodeBuild

Azure DevOps Server
polaris, coverity, black duck, seeker

Azure DevOps

Azure Pipelines
tinfoil, coverity, black duck

Azure Pipelines

Bamboo
tinfoil, coverity, black duck

Bamboo

CircleCI
black duck

CircleCI

Jenkins (commercial)
black duck

CloudBees

CodeShip
black duck

CodeShip

Concourse
black duck

Concourse

sbt logo
black duck

sbt

TC logo
software, risk manager, black duck

TeamCity

Gradle
coverity, black duck

Gradle

Wind River Workbench
coverity

Wind River Studio

Travis CI logo
black duck

Travos CI

Package manager

Package manager integrations

Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.

coverity, black duck

Maven

Integrate Black Duck Static Analysis scanning with Apache Maven into existing build processes that you use in your SDLC.
Gogradle logo
Black Duck

Gogradle

Black Duck Static Analysis scanning with Gogradle into existing buid processes that you use in your SDLC.
npm logo
Coverity, Black Duck

npm

Integrate Static Analysis scanning with npm to seamlessly add static scanning into existing build processes that you use in your SDLC.
Bazel
black duck

Bazel

Bower
coverity

Bower

Cargo
black duck

Cargo

CocoaPods
black duck

CocoaPods

Composer
black duck

Composer

Comprehensive Perl Archive Network (CPAN)
black duck

CPAN

Conan

Conan

black duck
Conda
black duck

Conda

Go Module CLI
black duck

Go Module CLI

Go Vndr
black duck

Go Vndr

NuGet
black duck

NuGet

Lerna
black duck

Lerna

Pip
black duck

Pip

Poetry
black duck

Poetry

Rebar3
black duck

Rebar3

Packrat
black duck

Packrat

Yarn
coverity, black duck

Yarn

Yocto Project (YP)
black duck

Yocto Project (YP)

Learn more
RubyGems
black duck

RubyGems

Binary repository

Binary repository integrations

Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.

JFrog Artifactory logo
Black Duck

Artifactory

Identify source code and open source dependency violations in Artifactory repositories.
Nexus repository logo
black duck

Nexus Repository

Scan docker images for threats with Black Duck Binary Analysis integration.
Amazon ECR logo
Black Duck

Amazon ECR

Streamline AppSec testing of images in Google containers.
Azure logo
Black Duck

Azure

Docker Registry
Black Duck

Docker Registry

Google Container Registry
Black Duck

Google

Workflow and notifications

Workflow and notifications integrations

Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.

JFrog Artifactory logo
Coverity, black duck, seeker, polaris, software risk manager

Jira Software

The Black Duck plugin for JIRA creates issues based on vulnerabilities and issue policy violations detected by Black Duck.
Secure Code Warrior logo
Software risk manager, coverity, seeker

Secure Code Warrior

Black Duck and Secure Code Warrior provide an integrated solution to prevent security issues at the developer desktop to accelerate time to remediation.
Amazon ECR logo
black duck, seeker, software, risk manager

Slack

The Black Duck plugin for Slack allows you to create Slack notifications based on vulnerabilities and policy violations detected by Black Duck.
Azure Boards logo
Black Duck

Azure Boards

Docker Registry
Coverity

Bugzilla

SPDX logo
Black Duck

SPDX

Microsoft Teams
black duck, software risk manager

Microsoft Teams

Security testing

Security testing integrations

Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.

Click here for a full list of our supported integrations.

Checkmarx logo
software risk manager

Checkmarx

Black Duck’s ASPM solution can ingest vulnerability findings from Checkmarx into Polaris for a complete and centralized view of application risk posture across your organization.
Snyk logo
Software risk manager

Snyk

Black Duck’s ASPM solution can ingest vulnerability findings from Snyk into Polaris for a complete and centralized view of application risk posture across your organization.
Veracode logo
software risk manager

Veracode

Black Duck’s ASPM solution can ingest vulnerability findings from Veracode into Polaris for a complete and centralized view of application risk posture across your organization.
Acunetix
software risk manager

Acunetix

Acunetix
software risk manager

Anchore Enterprise

Acunetix
software risk manager

Android Studio Lint

AppSecAI Expert Triage Automation
coverity

AppSecAI Expert Triage Automation 

Acunetix
software risk manager

Aqua

Acunetix
software risk manager

Arachni

Acunetix
software risk manager

Brakeman

Acunetix
software risk manager

AppSpider

Acunetix
software risk manager

Clang

Acunetix
software risk manager

Code Cracker

Acunetix
software risk manager

CodePeer

Burp Suite Logo
software risk manager

Burp Suite

Acunetix
software risk manager

Contrast Assess

Acunetix
software risk manager

Cppcheck

Acunetix
software risk manager

Dependency-Check

Acunetix
software risk manager

Checkstyle

Acunetix
software risk manager

Errcheck

Acunetix
software risk manager

Error Prone

Acunetix
software risk manager

ESLint

Acunetix
software risk manager

CodeSonar

Acunetix
software risk manager

Fortify

Acunetix
software risk manager

Gocyclo

Acunetix
software risk manager

Golint

Acunetix
software risk manager

Dependency-Track

Acunetix
software risk manager

Gendarme

Acunetix
software risk manager

Ineffassign

Acunetix
software risk manager

JFrog Xray

Acunetix
software risk manager

Find Security Bugs

Acunetix
software risk manager

HCL AppScan

Acunetix
software risk manager

Microsoft

Acunetix
software risk manager

Mobile Secure

Acunetix
software risk manager

Acunetix
software risk manager coverity

JSHint

Acunetix
software risk manager

Nexus Lifecycle

Acunetix
software risk manager

Nmap

Go logo
software risk manager

Gosec

Acunetix
software risk manager

Netsparker

Acunetix
software risk manager

NowSecure

Acunetix
software risk manager

OCLint

Acunetix
software risk manager

Jlint

Acunetix
software risk manager

Parasoft

php logo
software risk manager

phpcs-security-audit

Acunetix
software risk manager

Prisma Cloud

Acunetix
software risk manager

Nessus

php logo
software risk manager

PHP_CodeSniffer

Acunetix
software risk manager

Qualys

JavaScript Logo on Black Duck Website
software risk manager

Retire.js

Acunetix
software risk manager

OWASP ZAP

Scala logo
software risk manager

Scalastyle

Acunetix
software risk manager

SD Elements

Acunetix
software risk manager

Security Code Scan

Acunetix
software risk manager

PHP Mess Detector

Acunetix
software risk manager

Staticcheck

Acunetix
software risk manager

Tenable

Acunetix
software risk manager

Vex

Acunetix
software risk manager

Pylint

Acunetix
software risk manager

Trustwave App Scanner

Go logo
software risk manager

Vet

Cycode
black duck coverity

Cycode

Acunetix
software risk manager

SafeSQL

Acunetix

WhiteSource

software risk manager
Thunderscan logo
software risk manager

Thunderscan

coverity
VigilantOp

Vigilant Ops

black duck
Acunetix

SpotBugs

software risk manager coverity
Q-mast
software risk manager

Q-mast

IriusRisk Threat Modeling
software risk manager

IriusRisk Threat Modeling

Acunetix
software risk manager coverity

Visual Studio Code Analysis

Acunetix
software risk manager

sqlmap

Java logo
software risk manager

GDS PMD Secure Coding Ruleset

coverity
Acunetix

CoGuard - Infrastructure Security and Automation

coverity
VigilantOp

Vigilant Ops

black duck
Acunetix

SpotBugs

software risk manager coverity
Production deployment

Production deployment integrations

Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.

AWS logo
Seeker

Amazon Web Services

Deploy compliant code releases tested by Black Duck to the cloud with Amazon Web Services.
Checkmarx logo
black duck

Google Cloud

Deploy compliant code releases tested by Black Duck to the cloud with Google Cloud.
Checkmarx logo
black duck

Kubernetes

Deploy compliant containerized apps tested by Black Duck with Kubernetes.
Cloud Foundry
seeker

Cloud Foundry

VMware Tanzu
seeker

VMware Tanzu

IBM Cloud Pak for Applications
black duck

IBM Cloud Pak for Applications

Microsoft Azure
black duck

Microsoft Azure

Red Hat OpenShift
black duck, seeker

Red Hat OpenShift