Black Duck Streamlines DevSecOps with New Hub Detect CapabilityBlack Duck Streamlines DevSecOps with New Hub Detect Capability
Multi-factor open source discovery solution provides universal package manager and CI tool support, in a move to improve detection accuracy.
August 24, 2017
BURLINGTON, MA – Black Duck, a leader in automated solutions for securing and managing open source software, today announced the release of Hub Detect, which adds capability to its Hub solution that simplifies and streamlines open source management for DevSecOps.
Today’s innovative continuous-integration (CI) tools and package managers allow organizations to build better software and release it faster. However, as the number of package managers and CI tools has multiplied in recent years, configuration and integration challenges have mounted as well, creating a need for additional DevOps automation, Black Duck said.
Hub Detect dramatically simplifies integration into a DevOps tool chain by providing zero-configuration universal support for all package managers and CI tools. It automatically detects, downloads, and configures the appropriate integrations needed to perform an open source scan. Hub Detect also ensures the most accurate inventory of open source by automatically combining multiple analysis techniques. Only Black Duck provides this multi-factor approach, which is critical for effective management of open source security and license compliance risks, the company said.
"Speed and agility are paramount in DevOps. With Hub Detect we’ve eliminated the complexity of identifying each of the package managers and CI tools in use and the pain of having to configure them individually," said Black Duck CEO Lou Shipley.
"In short, Hub Detect runs seamlessly within any DevOps toolchain, providing the universal, simple, one-time configuration that automatically finds the best way to identify, analyze and monitor open source code. This enables customers to optimize open source security and reduce risk," Shipley said.
Black Duck noted that because Hub Detect knows which package managers are being used, it finds the most effective way to scan and analyze the open source code. It combines Black Duck’s signature scanning with analysis of any package managers in use to produce a complete and accurate open source Bill-of-Material (BoM) with minimum false positives or false negatives.
Black Duck said Hub Detect can be added to any CI script execution block, which means it can be used within any CI tool that runs shell-based post-build steps.
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023