04:45 PM
Dark Reading
Dark Reading
Products and Releases

Black Duck Teams Up with Pivotal to Secure and Manage Open Source Cloud-Native Applications for the Enterprise

Collaboration integrates Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience

BURLINGTON, MA, July 18, 2017 Black Duck, the global leader in automating the security and management of open source software, today announced a new technology collaboration with Pivotal® and the launch of its Black Duck Hub product as an integrated service for Pivotal Cloud Foundry®, one of the world's most powerful cloud-native platforms. This is the first open source-focused security management integration with Pivotal Cloud Foundry, enabling enterprise customers to embrace open source in their applications with automated visibility, intelligence, and control.


Black Duck and Pivotal have collaborated to integrate Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience for building and deploying applications to Pivotal Cloud Foundry.


  • Enterprise customers can find Black Duck as a tile on the Pivotal Network.
  • Black Duck Hub Service Broker enables the integrated use of Hub with Pivotal Cloud Foundry. Black Duck Hub interacts with the Pivotal Cloud Foundry build and application deployment process (‘cf push’) to automatically scan, analyze, and monitor applications and their contents.
  • Enterprise customers can automate their Black Duck scans with third-party Continuous Integration (CI) tools such as Jenkins, Bamboo, Team City, and Microsoft VSTS/TFS.
  • Enterprise customers can deploy Black Duck Hub product either in their private cloud or in a public cloud, such as Google Cloud.


Using Black Duck Hub, enterprise customers can automatically identify all the open source components; detect and analyze known security vulnerabilities, compliance issues, and code quality risks; and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered vulnerabilities or policy violations. Enterprise customers can also use Hub to access Black Duck KnowledgeBase™, the world’s most comprehensive data store of open source components and risk intelligence.


“Open source comprises 80 to 90 percent of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Cloud Foundry provides automated visibility and control into that open source,” said Black Duck CEO Lou Shipley. “This helps increase enterprises’ confidence to increase their production deployment of cloud-native applications.”


“Fortune 2000 companies are facing tremendous pressure to build and deliver cloud-native applications -  faster, on a larger scale, and at lower cost,” said Nima Badiey, Head of Business Development, Pivotal Cloud Foundry. “Combining Black Duck Hub with Pivotal Cloud Foundry helps our customers automate the security and licensing processes in their application deployment pipelines, enabling agility and innovation at cloud-native speeds.”



  • The integrated solution is available for Pivotal customers. Pivotal Cloud Foundry users can find Black Duck Hub Service Broker on the Pivotal Network.
  • Use of Black Duck Hub with Pivotal Cloud Foundry requires an active Hub license from Black Duck.


In addition to the new integrated solution for Pivotal Cloud Foundry users, Black Duck today announced that Pivotal has become a Black Duck Hub customer for Pivotal’s internal use. Pivotal uses Hub as part of its internal Pivotal Cloud Foundry development and security processes to help secure and manage open source components in the Cloud Foundry project.


About Black Duck Software

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-07-20
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive ...
PUBLISHED: 2018-07-20
Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a spe...
PUBLISHED: 2018-07-20
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
PUBLISHED: 2018-07-20
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
PUBLISHED: 2018-07-20
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.