| CARVIEW |
Development and DevOps Integrations
Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.
Automate risk detection
Accelerate triage and remediation
Boost developer productivity
Integrated development environment (IDE) integrations
The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.
Eclipse
IntelliJ IDEA
Visual Studio
Android Studio
PyCharm
IBM
RubyMine
PhpStorm
Visual Studio Code
QNX Momentics Tool Suite
Wind River
WebStorm
Source Code Management (SCM) integrations
Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.
GitHub
GitLab
Bitbucket
Azure DevOps
Azure Repos
Build and CI integrations
Black Duck’s security tools integrate with leading build and CI tools to add security into CI/CD pipelines. Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.
GitHub
GitLab
Jenkins
AWS CodeBuild
Azure DevOps
Azure Pipelines
Bamboo
CircleCI
CloudBees
CodeShip
Concourse
sbt
TeamCity
Gradle
Wind River Studio
Travos CI
Package manager integrations
Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.
Maven
Gogradle
npm
Bazel
Bower
Cargo
CocoaPods
Composer
CPAN
Conan
Conda
Go Module CLI
Go Vndr
NuGet
Lerna
Pip
Poetry
Rebar3
Packrat
Yarn
RubyGems
Binary repository integrations
Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.
Artifactory
Nexus Repository
Amazon ECR
Azure
Docker Registry
Workflow and notifications integrations
Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.
Jira Software
Secure Code Warrior
Slack
Azure Boards
Bugzilla
SPDX
Microsoft Teams
Security testing integrations
Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.
Click here for a full list of our supported integrations.
Checkmarx
Snyk
Veracode
Acunetix
Anchore Enterprise
Android Studio Lint
AppSecAI Expert Triage Automation
Aqua
Arachni
Brakeman
AppSpider
Clang
Code Cracker
CodePeer
Burp Suite
Contrast Assess
Cppcheck
Dependency-Check
Checkstyle
Errcheck
Error Prone
ESLint
CodeSonar
Fortify
Gocyclo
Golint
Dependency-Track
Gendarme
Ineffassign
JFrog Xray
Find Security Bugs
HCL AppScan
Microsoft
Mobile Secure
JSHint
Nexus Lifecycle
Nmap
Gosec
Netsparker
NowSecure
OCLint
Jlint
Parasoft
phpcs-security-audit
Prisma Cloud
Nessus
PHP_CodeSniffer
Qualys
Retire.js
OWASP ZAP
Scalastyle
SD Elements
Security Code Scan
PHP Mess Detector
Staticcheck
Tenable
Vex
Pylint
Trustwave App Scanner
Vet
Cycode
SafeSQL
WhiteSource
Thunderscan
Vigilant Ops
SpotBugs
Q-mast
IriusRisk Threat Modeling
Visual Studio Code Analysis
sqlmap
GDS PMD Secure Coding Ruleset
CoGuard - Infrastructure Security and Automation
Vigilant Ops
SpotBugs
Production deployment integrations
Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.
Amazon Web Services
Google Cloud
Kubernetes
Cloud Foundry
VMware Tanzu
IBM Cloud Pak for Applications
Microsoft Azure
Red Hat OpenShift