Compare Black Duck and Snyk 
- Users report that Black Duck Software Composition Analysis excels in its Automated Scans feature, scoring a high 9.1, which allows for efficient and thorough scanning of open source components, while Snyk also performs well but slightly lower at 8.0.
- Reviewers mention that Snyk shines in Ease of Setup with a score of 9.0, making it more user-friendly for new users compared to Black Duck's score of 8.3, which can be a deciding factor for teams looking for quick deployment.
- G2 users highlight that Black Duck's Risk Scoring feature, rated at 8.4, provides detailed insights into vulnerabilities, whereas Snyk's lower score of 6.5 in Secrets Management indicates a potential gap in handling sensitive information.
- Users on G2 report that Snyk's Quality of Support is rated at 8.6, which is significantly higher than Black Duck's 7.5, suggesting that Snyk may offer better customer service and support resources for users.
- Reviewers mention that Black Duck's Static Code Analysis feature is highly regarded with a score of 8.5, providing robust analysis capabilities, while Snyk's score of 8.0 indicates it may not be as comprehensive in this area.
- Users say that Snyk's Continuous Monitoring feature, rated at 8.3, is a strong point, allowing for ongoing oversight of vulnerabilities, while Black Duck's score of 8.0 in this area shows it is competitive but may not match Snyk's effectiveness.
- 200 Open Source tests per month
- 100 Container tests per month
- 300 IaC tests per month
Impressed with the Blackduck offerings to scan and manage OpenSource software, their service, and the response time . Very detailed information on licensing and vulnerability for the open source software . UI and the usability of the tool and its plugins...
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
-Easy integration available for GIthub -Vulenrabilities false positive rate is slightly better than other tools -Can be easily integrated within CI/Cd pipline. -Automatic code scanning and report generation available -Works with almost all...
Customer support is slow to respond, usually not helpful and ended up escalating to a developer, that's when we lost all contact and did not get a solution to a clear bug that prevents us from using the product. Another really important note around SBOM,...
Impressed with the Blackduck offerings to scan and manage OpenSource software, their service, and the response time . Very detailed information on licensing and vulnerability for the open source software . UI and the usability of the tool and its plugins...
-Easy integration available for GIthub -Vulenrabilities false positive rate is slightly better than other tools -Can be easily integrated within CI/Cd pipline. -Automatic code scanning and report generation available -Works with almost all...
Still too many incorrect identifications. There is no support for a workflow to manage mitigations of vulnerabilities in a particular component in one version of a project, then apply those comments and actions to future versions, or to the same component...
Customer support is slow to respond, usually not helpful and ended up escalating to a developer, that's when we lost all contact and did not get a solution to a clear bug that prevents us from using the product. Another really important note around SBOM,...
