DevOps integrations for developers | Black Duck
Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.
Integrated development environment (IDE) integrations
The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.
software risk manager, coverity, code sight
Eclipse
Upload binaries to Black Duck for static analysis. Review scan results from within Eclipse to remediate security findings in your apps.
software risk manager, coverity, code sight
IntelliJ IDEA
Upload binaries to Black Duck for static analysis. Review scan results from within IntelliJ to remediate security findings in your apps.
Software risk manager, coverity, code sight
Visual Studio
Compile and upload apps to Black Duck for static analysis. Identify security findings, view datapath info, and get remediation guidance within the IDE.
code sight, coverity
PyCharm
code sight, coverity
RubyMine
Code sight, Coverity
PhpStorm
coverity, code sight
Visual Studio Code
Coverity
QNX Momentics Tool Suite
code sight, coverity
WebStorm
Source Code Management (SCM) integrations
Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.
coverity, polaris, black duck
GitHub
Automate Black Duck SAST or SCA scanning of your application code from within GitHub.
coverity, polaris, black duck
GitLab
Perform SAST or SCA scans on each new build with integration to GitLab templates.
coverity, software risk manager
Bitbucket
Black Duck Security Scan Pipe integrates Black Duck security testing into your Bitbucket pipeline.
polaris, coverity, black duck seeker
Azure DevOps
Build and CI integrations
Black Duck’s security tools integrate with leading build and CI tools to add security into CI/CD pipelines. Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.
Coverity, Polaris, Black Duck
GitHub
Automate Black Duck SAST or SCA scanning of your application code from within GitHub.
coverity, polaris, black duck
GitLab
Perform SAST or SCA scans on each new build with integration to GitLab templates.
software risk manager, coverity, black duck, seeker, tinfoil
Jenkins
Black Duck Jenkins Plugin automates building, uploading, and scanning of application code in Jenkins pipelines.
polaris, coverity, black duck, seeker
Azure DevOps
tinfoil, coverity, black duck
Azure Pipelines
tinfoil, coverity, black duck
Bamboo
software risk manager, black duck
TeamCity
coverity, black duck
Gradle
coverity
Wind River Studio
Package manager integrations
Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.
coverity, black duck
Maven
Integrate Black Duck Static Analysis scanning with Apache Maven into existing build processes that you use in your SDLC.
Black Duck
Gogradle
Integrate Black Duck Static Analysis scanning with Gogradle into existing build processes that you use in your SDLC.
Coverity, Black Duck
npm
Integrate Static Analysis scanning with npm to seamlessly add static scanning into existing build processes that you use in your SDLC.
coverity, black duck
Yarn
black duck
Yocto Project (YP)
Binary repository integrations
Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.
Black Duck
Artifactory
Identify source code and open source dependency violations in Artifactory repositories.
black duck
Nexus Repository
Scan Docker images for threats with Black Duck Binary Analysis integration.
Black Duck
Amazon ECR
Streamline AppSec testing of images in Google containers.
Black Duck
Docker Registry
Workflow and notifications integrations
Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.
Coverity, black duck, seeker, polaris, software risk manager
Jira Software
The Black Duck plugin for JIRA creates issues based on vulnerabilities and issue policy violations detected by Black Duck.
Software risk manager, coverity, seeker
Secure Code Warrior
Black Duck and Secure Code Warrior provide an integrated solution to prevent security issues at the developer desktop to accelerate time to remediation.
black duck, seeker, software risk manager
Slack
The Black Duck plugin for Slack allows you to create Slack notifications based on vulnerabilities and policy violations detected by Black Duck.
black duck, software risk manager
Microsoft Teams
Security testing integrations
Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.
software risk manager
Checkmarx
Black Duck’s ASPM solution can ingest vulnerability findings from Checkmarx into Polaris for a complete and centralized view of application risk posture across your organization.
Software risk manager
Snyk
Black Duck’s ASPM solution can ingest vulnerability findings from Snyk into Polaris for a complete and centralized view of application risk posture across your organization.
software risk manager
Veracode
Black Duck’s ASPM solution can ingest vulnerability findings from Veracode into Polaris for a complete and centralized view of application risk posture across your organization.
software risk manager
Acunetix
software risk manager
Anchore Enterprise
software risk manager
Android Studio Lint
coverity
AppSecAI Expert Triage Automation
software risk manager
Aqua
software risk manager
Arachni
software risk manager
Brakeman
software risk manager
AppSpider
software risk manager
Clang
software risk manager
Code Cracker
software risk manager
CodePeer
software risk manager
Burp Suite
software risk manager
Contrast Assess
software risk manager
Cppcheck
software risk manager
Dependency-Check
software risk manager
Checkstyle
software risk manager
Errcheck
software risk manager
Error Prone
software risk manager
ESLint
software risk manager
CodeSonar
software risk manager
Fortify
software risk manager
Gocyclo
software risk manager
Dependency-Track
software risk manager
Gendarme
software risk manager
Ineffassign
software risk manager
JFrog Xray
software risk manager
Find Security Bugs
software risk manager
HCL AppScan
software risk manager
Microsoft
software risk manager
Mobile Secure
software risk manager, coverity
JSHint
software risk manager
Nexus Lifecycle
software risk manager
Nmap
software risk manager
Gosec
software risk manager
Netsparker
software risk manager
NowSecure
software risk manager
OCLint
software risk manager
Jlint
software risk manager
Parasoft
software risk manager
phpcs-security-audit
software risk manager
Prisma Cloud
software risk manager
Nessus
software risk manager
PHP_CodeSniffer
software risk manager
Qualys
software risk manager
Retire.js
software risk manager
OWASP ZAP
software risk manager
Scalastyle
software risk manager
SD Elements
software risk manager
Security Code Scan
software risk manager
PHP Mess Detector
software risk manager
Staticcheck
software risk manager
Tenable
software risk manager
Vex
software risk manager
Pylint
software risk manager
Trustwave App Scanner
software risk manager
Go Vet
black duck, coverity
Cycode
software risk manager
SafeSQL
Software Risk Manager
WhiteSource
software risk manager, coverity
Thunderscan
software risk manager, coverity
SpotBugs
software risk manager
Q-mast
software risk manager
IriusRisk Threat Modeling
software risk manager, coverity
Visual Studio Code Analysis
software risk manager
sqlmap
software risk manager, coverity
GDS PMD Secure Coding Ruleset
Coverity
CoGuard - Infrastructure Security and Automation
software risk manager
SpotBugs
Production deployment integrations
Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.
Seeker
Amazon Web Services
Deploy compliant code releases tested by Black Duck to the cloud with Amazon Web Services.
black duck
Google Cloud
Deploy compliant code releases tested by Black Duck to the cloud with Google Cloud.
black duck
Kubernetes
Deploy compliant containerized apps tested by Black Duck with Kubernetes.
black duck
IBM Cloud Pak for Applications
black duck
Microsoft Azure
black duck, seeker
Red Hat OpenShift