How does it work?


  • Identify components beyond those explicitly declared by package managers or manifest files (such as Maven and pom.xml) using multifactor open source discovery
  • Identify and track third-party and proprietary components
  • Export SBOMs in SPDX or CycloneDX file structures with NTIA minimum SBOM elements populated
  • Scan at multiple points in the application pipeline to build the most accurate SBOMs with the least amount of friction
  • Produce SBOMs for applications without the need for source code
  • Match identified components to related areas of risk
  • Continuously monitor identified components for newly surfaced security and operational risk

Leading the way


Our Awards


Globee Awards Cybersecurity Gold Winner 2025
Cybersecurity Excellence Awards 2024
Gold for Application Security: Black Duck Polaris™ Platform
2023 Gartner Magic Quadrant for Application Security Testing
Forrester Wave SCA Leader 2024 Recognition
Forrester Wave Leader 2024 Software Composition Analysis
Forrester Wave SAST Leader 2023 Recognition
Forrester Wave Leader 2023 SAST
Gartner Customers' Choice Award 2023 Badge
Gartner Peer Insights Customers’ Choice 2023
Titan Award
2025 TITAN Business Awards Platinum Winner
