Version 2025.1
License Metrics: Black Duck licenses its Software pursuant to the following License Metrics. The License Metrics may only be used within the applicable Software type described below.
— For Coverity and Coverity on Polaris —
A “Team Member” is an individual within the Named Development Team who is or has written, modified, or reviewed code (i.e. developers, engineers, analysts, architects, testers and managers) for any scanned or analyzed Code Base during the Term, as well as any individuals who interact with the Software via user interface, email/text alerts, application programming interface, command line interface, reports, or third party integrations. Individuals within the Customer’s organization who perform only software related documentation, project management or finance and administrative tasks are excluded from team size.
— For Defensics Licensed Products —
I. Concurrent User License
A “Concurrent User License” restricts the use of the Software, at any one time, to the maximum number of users identified in the applicable Purchasing Agreement. Use of the Software is further restricted to use on the code base or project stated in the applicable Purchasing Agreement.
II. Lab Seat License
A "Lab Seat" license limits the usage to one fuzz test type “Protocol” run per Instance, based on the number of testing seats purchased. For example, if three Lab Seats are purchased, it means a single fuzz test run can be performed on up to three different Instances or three fuzz tests can be executed on a single Instance. An “Instance” means any computer operating system, including without limitation a laptop computer, desktop computer, server, virtual machine, virtual appliance, container or similar configurations. The quantity of Lab Seats determines how many allowed Instances can be used concurrently for testing purposes.
A “Protocol” is a set of rules, formats, procedures, and message structures that define how two or more entities communicate, exchange data, and interoperate. In computing, a protocol specifies how messages are formatted, ordered, and processed so that systems with different architectures or implementations can interact reliably.
Lab location - The Lab Seat license is valid for only one specific physical “lab location”/hostID (“Lab Location”), and the license holder is only allowed to use it within that Lab Location. Unauthorized use of the license outside the Lab Location(s) without proper authorization may result in a violation of the license agreement and potential legal consequences. To expand the Lab Seat license to cover additional Lab Locations, the license holder must purchase additional seats corresponding to the number of desired locations. Each Lab Seat allows the license holder to use the software in one Lab Location.
— For Black Duck Licensed Products —
I. Team Member License
A “Team Member” is an individual within the Named Development Team who is or has written, modified, or reviewed code (i.e. developers, engineers, analysts, architects, testers and managers) for any scanned or analyzed Code Base during the Term, as well as any individuals who interact with the Software via user interface, email/text alerts, application programming interface, command line interface, reports, or third party integrations. Individuals within the Customer’s organization who perform only software related documentation, project management or finance and administrative tasks are excluded from team size.
II. Managed Code Base Capacity License
A “Managed Code Base Capacity License” means a license based on the size of the code base owned or controlled by Customer that is input into the Software by Customer and managed using the Software over the course of the applicable license term. If applicable, the size of the managed code base equals the aggregate of code added to the managed code base; provided that the size of the managed code base does not include code used by Customer for training purposes or that is inadvertently added by Customer and deleted upon discovery.
III. Project License
“Project” means a project defined within the Black Duck Hub system as a software application or component(s) that is analyzed separately through Black Duck SCA. Projects can have unlimited project versions. Typically, projects are a group of files that make up the software application. A project is defined by the setup in Black Duck Hub and not limited in size or other external parameters such as the delivered functionality or by means of its installation. Projects, once defined, are not reusable. Re-use constitutes another project by definition.
— For Seeker Licensed Products —
I. Team Member License
A “Team Member” is an individual within the Named Development Team who is or has written, modified, or reviewed code (i.e. developers, engineers, analysts, architects, testers and managers) for any scanned or analyzed Code Base during the Term, as well as any individuals who interact with the Software via user interface, email/text alerts, application programming interface, command line interface, reports, or third party integrations. Individuals within the Customer’s organization who perform only software related documentation, project management or finance and administrative tasks are excluded from team size.
— For SRM Licensed Products —
I. “Asset” means, pertaining to the InfraSec capability, a network or infrastructure component, such as an IP address, that is monitored by the SRM system for the purposes of reporting on network vulnerabilities. Examples include network scan results from Nessus, and IP addresses.
II. “Project” means a project defined within the SRM system as a software application or component(s) that is analyzed separately through SRM. Projects can be hierarchical with one or more components. Typically, projects are a group of files that make up the software application. A project is defined by the setup in SRM and not limited in size or other external parameters such as the delivered functionality or by means of its installation. Projects, once defined, are not reusable. Re-use constitutes another project by definition.
III. “User” means a ‘named user’ of the SRM system. A ‘named user’* is someone who would log into the SRM server UI to perform their job duties such as reviewing vulnerability findings, assigning status, configuration, dashboarding and more. The named user can be but is not limited to AppSec and DevOps team members, security and triage analysts and security leads (including developers). Some beneficiaries of SRM do not log directly into the system but benefit via interaction with the server via APIs and DevOps tools such as JIRA, Jenkins, etc. These beneficiaries do not require a user license. Only those users that log into the UI require a user license.
*To accommodate team changes, such as an internal job role change, a team member leaving the organization, etc., by agreement, named users can be changed on a quarterly basis within the Code Dx system.
IV. “Team Member” is an individual within the Named Development Team who is or has written, modified, or reviewed code (i.e. developers, engineers, analysts, architects, testers and managers) for any scanned or analyzed Code Base during the Term, as well as any individuals who interact with the Software via user interface, email/text alerts, application programming interface, command line interface, reports, or third party integrations. Individuals within the Customer’s organization who perform only software related documentation, project management or finance and administrative tasks are excluded from team size.
— For Managed Service Provider Licensed Products —
“Each” in respect of Software means that a managed service provider has the right to use one instance of the Software to provide managed services for its customer base. For example, in the context of a Coverity license, a quantity of one (1) and type “Each” means that the managed service provider can use the Coverity tool to provide managed services to its customer base.
— For Coverity Qualification Kit (“QKIT”) Licensed Products —
“Each” in respect of a Licensed Product means that a Customer has the right to use one QKIT for each Customer-specified Functional Safety Project.
— For Polaris Subscription Services —
I. BD Polaris fAST Dynamic
“FQDN” license model provides unlimited automated scans for Dynamic analysis for a single Target. The term “Target” means a unique, accessible web application via a Fully Qualified Domain Name (FQDN). For clarity, a subdomain or different root domain is considered a separate Target and would require the purchase of an additional subscription by Customer to scan. No false positive removal will occur.
II. BD Polaris fAST Static, BD Polaris fAST SCA and BD Polaris Platform Standard.
A “Team Member” is an individual within the Named Development Team who is or has written, modified, or reviewed code (i.e. developers, engineers, analysts, architects, testers and managers) for any scanned or analyzed Code Base during the Term, as well as any individuals who interact with the Licensed Products or Subscription Services via user interface, email/text alerts, application programming interface, command line interface, reports, or third party integrations. Individuals within the Customer’s organization who perform only software related documentation, project management or finance and administrative tasks are excluded from team size.