Black Duck Teams Up with Pivotal to Secure and Manage Open Source Cloud-Native Applications for the Enterprise

Collaboration integrates Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience

July 19, 2017

3 Min Read


BURLINGTON, MA, July 18, 2017 – Black Duck, the global leader in automating the security and management of open source software, today announced a new technology collaboration with Pivotal® and the launch of its Black Duck Hub product as an integrated service for Pivotal Cloud Foundry®, one of the world's most powerful cloud-native platforms. This is the first open source-focused security management integration with Pivotal Cloud Foundry, enabling enterprise customers to embrace open source in their applications with automated visibility, intelligence, and control.


Black Duck and Pivotal have collaborated to integrate Black Duck Hub and Pivotal Cloud Foundry to deliver a Secure DevOps process and user experience for building and deploying applications to Pivotal Cloud Foundry.


  • Enterprise customers can find Black Duck as a tile on the Pivotal Network.

  • Black Duck Hub Service Broker enables the integrated use of Hub with Pivotal Cloud Foundry. Black Duck Hub interacts with the Pivotal Cloud Foundry build and application deployment process (‘cf push’) to automatically scan, analyze, and monitor applications and their contents.

  • Enterprise customers can automate their Black Duck scans with third-party Continuous Integration (CI) tools such as Jenkins, Bamboo, Team City, and Microsoft VSTS/TFS.

  • Enterprise customers can deploy Black Duck Hub product either in their private cloud or in a public cloud, such as Google Cloud.


Using Black Duck Hub, enterprise customers can automatically identify all the open source components; detect and analyze known security vulnerabilities, compliance issues, and code quality risks; and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered vulnerabilities or policy violations. Enterprise customers can also use Hub to access Black Duck KnowledgeBase™, the world’s most comprehensive data store of open source components and risk intelligence.


“Open source comprises 80 to 90 percent of the components in a modern cloud-native application. Integration of Black Duck Hub with Pivotal Cloud Foundry provides automated visibility and control into that open source,” said Black Duck CEO Lou Shipley. “This helps increase enterprises’ confidence to increase their production deployment of cloud-native applications.”


“Fortune 2000 companies are facing tremendous pressure to build and deliver cloud-native applications -  faster, on a larger scale, and at lower cost,” said Nima Badiey, Head of Business Development, Pivotal Cloud Foundry. “Combining Black Duck Hub with Pivotal Cloud Foundry helps our customers automate the security and licensing processes in their application deployment pipelines, enabling agility and innovation at cloud-native speeds.”



  • The integrated solution is available for Pivotal customers. Pivotal Cloud Foundry users can find Black Duck Hub Service Broker on the Pivotal Network.

  • Use of Black Duck Hub with Pivotal Cloud Foundry requires an active Hub license from Black Duck.


In addition to the new integrated solution for Pivotal Cloud Foundry users, Black Duck today announced that Pivotal has become a Black Duck Hub customer for Pivotal’s internal use. Pivotal uses Hub as part of its internal Pivotal Cloud Foundry development and security processes to help secure and manage open source components in the Cloud Foundry project.


About Black Duck Software

Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Northern Ireland, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights