Compare Black Duck and FOSSA 
- Users report that Black Duck Software Composition Analysis excels in its Integration capabilities, scoring 9.2, which allows for seamless incorporation into existing workflows. In contrast, FOSSA, while still effective, has a slightly lower integration score, indicating potential challenges in connecting with other tools.
- Reviewers mention that FOSSA shines in Ease of Use, achieving a score of 8.8, making it more user-friendly for teams new to software composition analysis. Black Duck, with a score of 8.0, may require a steeper learning curve for some users.
- G2 users highlight Black Duck's superior Thorough Detection capabilities, scoring 9.4, which ensures comprehensive identification of vulnerabilities. FOSSA, while effective, does not match this level of thoroughness, which could impact security assessments.
- Users on G2 report that FOSSA provides better Quality of Support, with a score of 8.3 compared to Black Duck's 7.5. This suggests that FOSSA may offer more responsive and helpful customer service, which is crucial for resolving issues quickly.
- Reviewers say that Black Duck's Remediation Suggestions feature, scoring 8.1, is beneficial for guiding users on how to address identified vulnerabilities, although it may not be as robust as FOSSA's overall support in this area.
- Users report that FOSSA's Continuous Monitoring feature, with a score of 8.5, is particularly effective for maintaining ongoing compliance, while Black Duck's score in this area is slightly lower, indicating it may not provide the same level of vigilance.
Impressed with the Blackduck offerings to scan and manage OpenSource software, their service, and the response time . Very detailed information on licensing and vulnerability for the open source software . UI and the usability of the tool and its plugins...
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
They are very comprehensive and thorough in their evaluations and send info when needed.
We found that some of the real time tools were somewhat slow, but they were not a detriment to overall performance and still kept everything up to speed.
Impressed with the Blackduck offerings to scan and manage OpenSource software, their service, and the response time . Very detailed information on licensing and vulnerability for the open source software . UI and the usability of the tool and its plugins...
They are very comprehensive and thorough in their evaluations and send info when needed.
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
We found that some of the real time tools were somewhat slow, but they were not a detriment to overall performance and still kept everything up to speed.
