When assessing the two solutions, reviewers found SOOS easier to use, set up, and administer. Reviewers also preferred doing business with SOOS overall.
Black Duck serves as a good platform to identify third-party software risk factors. It can be easily integrated as part of CI/CD tools to scan security, license risk, etc. It shows the exact break-up of all the risky components of the binaries.
It is difficult and tedious to use. That it is incapable of recognizing subtle differences in versions that do and don't matter. That its tasks require multiple steps that could be simplified.
Really friendly UI - loads of info. Support was also great.
Seems to over-include packages, creating false positives for things that aren't in our BOM. Need to understand how to configure the system to get a more accurate result. Also, would like a CSV export of vulnerability data to make it possible to create...