Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Black Duck Binary Analysis

Identify open source supply chain risks even when you don't have access to the code

Request a demo

Take the product tour

A lot of open source enters your organization through third-party libraries and executables, and with it can come hidden vulnerabilities and license obligations you need to address. But most software composition analysis (SCA) solutions require access to source code or build systems, leaving your software supply chain at risk.

Detect security and license risks in software binaries

Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.

Using a combination of static and string analysis techniques coupled with fuzzy matching against the Black Duck KnowledgeBase, Black Duck Binary Analysis quickly and reliably identifies components, even if they’ve been modified.

Scan executables and containers before they ship

Even if you perform SCA scans during the build process, new open source components can make their way into your applications as they’re packaged for delivery to your customers or production environments.

Black Duck Binary Analysis enables you to quickly and easily run predeployment security scans on containers and executables to ensure final packaging doesn’t introduce new components or vulnerabilities.

Address security risk beyond known vulnerabilties

Open source vulnerabilities aren’t the only security issues that might be lurking in application binaries.

Black Duck Binary Analysis can also detect if sensitive information like email addresses, authorization tokens, compiler switches, and passwords are exposed, and it identifies when mobile applications request excessive permissions—all of which puts your organization and users' personal data at risk.

Detect and manage software supply chain risks

Modern applications are a complex mix of proprietary, open source, and third-party components obtained through a variety of sources.

Black Duck Binary Analysis helps you detect and manage security and license risks across the software supply chain, including:

Third-party libraries used within the software you build
Packaged software you procure from independent software vendors
IoT/embedded firmware
Containers and container images
Modified and unmodified open source components

Black Duck Binary Analysis

Detect security and license risks in software binaries

Scan executables and containers before they ship

Address security risk beyond known vulnerabilties

Detect and manage software supply chain risks

Related content

Black Duck Binary Analysis

Discovery capabilities: A core differentiator for Black Duck SCA

Black Duck SCA

Want to know more?

Legal