04:45 PM
Dark Reading
Dark Reading
Products and Releases

Black Duck Teams Up with Pivotal to Secure and Manage Open Source Cloud-Native Applications for the Enterprise

Collaboration integrates Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience

BURLINGTON, MA, July 18, 2017 Black Duck, the global leader in automating the security and management of open source software, today announced a new technology collaboration with Pivotal® and the launch of its Black Duck Hub product as an integrated service for Pivotal Cloud Foundry®, one of the world's most powerful cloud-native platforms. This is the first open source-focused security management integration with Pivotal Cloud Foundry, enabling enterprise customers to embrace open source in their applications with automated visibility, intelligence, and control.


Black Duck and Pivotal have collaborated to integrate Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience for building and deploying applications to Pivotal Cloud Foundry.


  • Enterprise customers can find Black Duck as a tile on the Pivotal Network.
  • Black Duck Hub Service Broker enables the integrated use of Hub with Pivotal Cloud Foundry. Black Duck Hub interacts with the Pivotal Cloud Foundry build and application deployment process (‘cf push’) to automatically scan, analyze, and monitor applications and their contents.
  • Enterprise customers can automate their Black Duck scans with third-party Continuous Integration (CI) tools such as Jenkins, Bamboo, Team City, and Microsoft VSTS/TFS.
  • Enterprise customers can deploy Black Duck Hub product either in their private cloud or in a public cloud, such as Google Cloud.


Using Black Duck Hub, enterprise customers can automatically identify all the open source components; detect and analyze known security vulnerabilities, compliance issues, and code quality risks; and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered vulnerabilities or policy violations. Enterprise customers can also use Hub to access Black Duck KnowledgeBase™, the world’s most comprehensive data store of open source components and risk intelligence.


“Open source comprises 80 to 90 percent of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Cloud Foundry provides automated visibility and control into that open source,” said Black Duck CEO Lou Shipley. “This helps increase enterprises’ confidence to increase their production deployment of cloud-native applications.”


“Fortune 2000 companies are facing tremendous pressure to build and deliver cloud-native applications -  faster, on a larger scale, and at lower cost,” said Nima Badiey, Head of Business Development, Pivotal Cloud Foundry. “Combining Black Duck Hub with Pivotal Cloud Foundry helps our customers automate the security and licensing processes in their application deployment pipelines, enabling agility and innovation at cloud-native speeds.”



  • The integrated solution is available for Pivotal customers. Pivotal Cloud Foundry users can find Black Duck Hub Service Broker on the Pivotal Network.
  • Use of Black Duck Hub with Pivotal Cloud Foundry requires an active Hub license from Black Duck.


In addition to the new integrated solution for Pivotal Cloud Foundry users, Black Duck today announced that Pivotal has become a Black Duck Hub customer for Pivotal’s internal use. Pivotal uses Hub as part of its internal Pivotal Cloud Foundry development and security processes to help secure and manage open source components in the Cloud Foundry project.


About Black Duck Software

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.