Multi-factor open source discovery solution provides universal package manager and CI tool support, in a move to improve detection accuracy.

August 24, 2017

PRESS RELEASE

BURLINGTON, MA – Black Duck, a leader in automated solutions for securing and managing open source software, today announced the release of Hub Detect, which adds capability to its Hub solution that simplifies and streamlines open source management for DevSecOps.

Today’s innovative continuous-integration (CI) tools and package managers allow organizations to build better software and release it faster. However, as the number of package managers and CI tools has multiplied in recent years, configuration and integration challenges have mounted as well, creating a need for additional DevOps automation, Black Duck said. 

Hub Detect dramatically simplifies integration into a DevOps tool chain by providing zero-configuration universal support for all package managers and CI tools. It automatically detects, downloads, and configures the appropriate integrations needed to perform an open source scan. Hub Detect also ensures the most accurate inventory of open source by automatically combining multiple analysis techniques. Only Black Duck provides this multi-factor approach, which is critical for effective management of open source security and license compliance risks, the company said.

"Speed and agility are paramount in DevOps. With Hub Detect we’ve eliminated the complexity of identifying each of the package managers and CI tools in use and the pain of having to configure them individually," said Black Duck CEO Lou Shipley.

"In short, Hub Detect runs seamlessly within any DevOps toolchain, providing the universal, simple, one-time configuration that automatically finds the best way to identify, analyze and monitor open source code. This enables customers to optimize open source security and reduce risk," Shipley said.

Black Duck noted that because Hub Detect knows which package managers are being used, it finds the most effective way to scan and analyze the open source code. It combines Black Duck’s signature scanning with analysis of any package managers in use to produce a complete and accurate open source Bill-of-Material (BoM) with minimum false positives or false negatives.

Black Duck said Hub Detect can be added to any CI script execution block, which means it can be used within any CI tool that runs shell-based post-build steps. 
