Cloud

7/18/2017
04:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Black Duck Teams Up with Pivotal to Secure and Manage Open Source Cloud-Native Applications for the Enterprise

Collaboration integrates Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience

BURLINGTON, MA, July 18, 2017 Black Duck, the global leader in automating the security and management of open source software, today announced a new technology collaboration with Pivotal® and the launch of its Black Duck Hub product as an integrated service for Pivotal Cloud Foundry®, one of the world's most powerful cloud-native platforms. This is the first open source-focused security management integration with Pivotal Cloud Foundry, enabling enterprise customers to embrace open source in their applications with automated visibility, intelligence, and control.

 

Black Duck and Pivotal have collaborated to integrate Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience for building and deploying applications to Pivotal Cloud Foundry.

 

  • Enterprise customers can find Black Duck as a tile on the Pivotal Network.
  • Black Duck Hub Service Broker enables the integrated use of Hub with Pivotal Cloud Foundry. Black Duck Hub interacts with the Pivotal Cloud Foundry build and application deployment process (‘cf push’) to automatically scan, analyze, and monitor applications and their contents.
  • Enterprise customers can automate their Black Duck scans with third-party Continuous Integration (CI) tools such as Jenkins, Bamboo, Team City, and Microsoft VSTS/TFS.
  • Enterprise customers can deploy Black Duck Hub product either in their private cloud or in a public cloud, such as Google Cloud.

 

Using Black Duck Hub, enterprise customers can automatically identify all the open source components; detect and analyze known security vulnerabilities, compliance issues, and code quality risks; and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered vulnerabilities or policy violations. Enterprise customers can also use Hub to access Black Duck KnowledgeBase™, the world’s most comprehensive data store of open source components and risk intelligence.

 

“Open source comprises 80 to 90 percent of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Cloud Foundry provides automated visibility and control into that open source,” said Black Duck CEO Lou Shipley. “This helps increase enterprises’ confidence to increase their production deployment of cloud-native applications.”

 

“Fortune 2000 companies are facing tremendous pressure to build and deliver cloud-native applications -  faster, on a larger scale, and at lower cost,” said Nima Badiey, Head of Business Development, Pivotal Cloud Foundry. “Combining Black Duck Hub with Pivotal Cloud Foundry helps our customers automate the security and licensing processes in their application deployment pipelines, enabling agility and innovation at cloud-native speeds.”

 

Availability

  • The integrated solution is available for Pivotal customers. Pivotal Cloud Foundry users can find Black Duck Hub Service Broker on the Pivotal Network.
  • Use of Black Duck Hub with Pivotal Cloud Foundry requires an active Hub license from Black Duck.

 

In addition to the new integrated solution for Pivotal Cloud Foundry users, Black Duck today announced that Pivotal has become a Black Duck Hub customer for Pivotal’s internal use. Pivotal uses Hub as part of its internal Pivotal Cloud Foundry development and security processes to help secure and manage open source components in the Cloud Foundry project.

 

About Black Duck Software

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Santa: "How about a unicorn coming out of a monitor instead?"
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.