Black Duck (Black Duck Software): an open source code audit, testing, and management platform

Black Duck (Black Duck Software) is a tool for scanning, auditing, and managing source code. The software consists of Protex, Codecenter, and Export. The tools report statistics on the amount of open source in use, its quality, its risk, and its potential security vulnerabilities.

Protex: open source intellectual property and compliance checks.

Codecenter: effective management and use of open source code, and of the security vulnerabilities present in open source.

Export: discovers whether the source code contains encryption algorithms that are subject to export controls.

HUB: supports open source binary scanning; at the snippet level, open source scanning can be accurate down to two lines of code.

Black Duck features:

1. Intellectual property and compliance: open source license (legal) risk and conflicts, and code compliance checks.

2. Security vulnerabilities: known security vulnerabilities and bugs in open source software, hidden vulnerabilities, and vulnerabilities exploited in attacks.

3. Open source software quality: ① Versions of the open source software, and upgrades to functionality, performance, and security. ② Update activity of the open source project, software quality, and development prospects. ③ Vulnerabilities discovered by the open source community, lack of maintenance, and problem resolution.

4. Self-control and external supervision: ① Requirements from relevant state agencies for controllable software with independent intellectual property rights. ② Huawei's open source compliance inspection requirements for its suppliers' software.

Black Duck open source software testing tools:

1. KB vulnerability database, NVD + VulnDB: ① NVD, the National Information Security Vulnerability Database. ② VulnDB, a vulnerability database from a US commercial company.

2. Scanning formats supported by the software: snippet-level and file-level scanning.

Features:

1. Black Duck has the world's largest and most comprehensive open source knowledge base, covering almost all currently available open source code.

2. Advanced "code fingerprint" identification technology: it generates a Code Print of the source code and, through fast analysis and comparison, finds the open source contained in the source code as well as its security risks.

3. A powerful open source code search engine that can match from various angles, including open source code description, version, license type, programming language, and supported operating system, to help you quickly find open source resources.

4. Detailed analysis and audit reports: every item that may conflict with an open source license agreement is listed, an individual report is generated for each conflicting item, and appropriate solutions are suggested.

Origin www.cnblogs.com/sea520/p/11314344.html