DevOps integrations for developers

Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.

Automate risk detection

Trigger application security tests based on pipeline events including build, SCM check-in, preproduction unit testing, and more.

Accelerate triage and remediation

Enforce risk tolerance policies, establish security gates, and provide clear fix guidance to developers within their existing tools and workflows.

Boost developer productivity

Deliver real-time risk insight and noncompliance alerts to avoid late-stage rework.

IDE

SCM

Build and CI

Package manager

Binary repository

Workflow and notifications

Security testing

Production deployment

IDE

Integrated development environment (IDE) integrations

The Code Sight IDE plug-in integrates SAST and SCA scans into the developer IDE, enabling developers to identify and fix vulnerabilities before committing code, saving time and improving code quality.

software risk manager, coverity, code sight

Eclipse

Upload binaries to Black Duck for static analysis. Review scan results from within Eclipse to remediate security findings in your apps.

software risk manager, coverity, code sight

IntelliJ IDEA

Upload binaries to Black Duck for static analysis. Review scan results from within Intellij to remediate security findings in your apps.

Software risk manager, coverity code sight

Visual Studio

Compile and upload apps to Black Duck for static analysis. Identify security findings, view datapath info, and get remedition guidance within the IDE.

Coverity

Android Studio

code sight

Cursor

Coverity

IBM

Code sight, Coverity

PhpStorm

code sight, coverity

PyCharm

code sight coverity

RubyMine

Coverity

QNX Momentics Tool Suite

coverity, code sight

Visual Studio Code

code sight, coverity

WebStorm

CODE SIGHT

Windsurf

Coverity

Wind River

SCM

Source Code Management (SCM) integrations

Black Duck's security tools integrate with leading source code management solutions to enable rapid scans on every pull or merge request to provide quick results and prevent issues from impacting other teams.

BLACK DUCK, COVERITY, POLARIS

GitHub

Automate Black Duck SAST or SCA scanning of your application code from within GitHub.

Learn more

BLACK DUCK, COVERITY, POLARIS

GitLab

Perform SAST or SCA scans on each new build with integration to GitLab templates.

coverity, polaris, software risk manager

Bitbucket

Black Duck Security Scan Pipe integrates Black Duck security testing into your Bitbucket pipeline.

BLACK DUCK, COVERITY, POLARIS, SEEKER

Azure DevOps

Build and CI

Build and CI integrations

Black Duck’s security tools integrate with leading build and CI tools to add security into CI/CD pipelines. Security teams can enforce policies by integrating scan results into quality gates, enabling them to break builds if violations occur.

BLACK DUCK, COVERITY, POLARIS

GitHub Actions

Automate Black Duck SAST or SCA scanning of your application code from within GitHub.

Learn more

BLACK DUCK, COVERITY, POLARIS

GitLab CI

Perform SAST or SCA scans on each new build with integration to GitLab templates.

BLACK DUCK, COVERITY, POLARIS, SEEKER, SOFTWARE RISK MANAGER

Jenkins

Black Duck Jenkins Plugin automates building, uploading, and scanning of application code in Jenkins pipelines.

BLACK DUCK, POLARIS

AWS CodeBuild

BLACK DUCK, COVERITY, POLARIS, SEEKER

Azure DevOps

BLACK DUCK, COVERITY, POLARIS

Bamboo

POLARIS

Bitbucket Pipelines

BLACK DUCK, POLARIS

CircleCI

BLACK DUCK, POLARIS

CloudBees

BLACK DUCK, POLARIS

CodeShip

BLACK DUCK, POLARIS

Concourse

BLACK DUCK, COVERITY, POLARIS

Gradle

BLACK DUCK, POLARIS

sbt

BLACK DUCK, POLARIS, SOFTWARE RISK MANAGER

TeamCity

BLACK DUCK, POLARIS

Travis CI

COVERITY, POLARIS

Wind River Studio

Package manager

Package manager integrations

Black Duck works with package management tools to identify open source and third-party components in applications to help manage security, license, and component quality risks associated with dependencies.

BLACK DUCK, COVERITY, POLARIS

Maven

Integrate Black Duck Static Analysis scanning with Apache Maven into existing build processes that you use in your SDLC.

BLACK DUCK, POLARIS

Gogradle

Black Duck Static Analysis scanning with Gogradle into existing buid processes that you use in your SDLC.

BLACK DUCK, COVERITY, POLARIS

npm

Integrate Static Analysis scanning with npm to seamlessly add static scanning into existing build processes that you use in your SDLC.

POLARIS

Apache Ivy

black duck

Bazel

Polaris

BitBake

coverity

Bower

BLACK DUCK, POLARIS

Cargo

BLACK DUCK, POLARIS

CocoaPods

black duck

Composer

BLACK DUCK, POLARIS

Conan

BLACK DUCK, POLARIS

Conda

BLACK DUCK, POLARIS

CPAN

POLARIS

CRAN

POLARIS

Dart

POLARIS

Erlang

POLARIS

Git

POLARIS

Go Dep

BLACK DUCK, POLARIS

Go Module CLI

POLARIS

Go Modules

POLARIS

Go Vendor

BLACK DUCK, POLARIS

Go Vndr

POLARIS

Gradle

POLARIS

Hex

BLACK DUCK, POLARIS

Lerna

BLACK DUCK, POLARIS

NuGet

POLARIS

Packagist

black duck

Packrat

POLARIS

PEAR

BLACK DUCK, POLARIS

Pip

POLARIS

Pnpm

BLACK DUCK, POLARIS

Poetry

POLARIS

Rebar

black duck

Rebar3

BLACK DUCK, POLARIS

RubyGems

POLARIS

sbt

POLARIS

Swift and Xcode

COVERITY, BLACK DUCK, POLARIS

Yarn

black duck

Yocto Project (YP)

Binary repository

Binary repository integrations

Black Duck integrates with binary repositories to host approved open source packages and store build artifacts to help developers identify source code and open source dependency violations to ensure code quality and compliance.

Black Duck

Artifactory

Identify source code and open source dependency violations in Artifactory repositories.

black duck

Nexus Repository

Scan docker images for threats with Black Duck Binary Analysis integration.

Black Duck

Amazon ECR

Streamline AppSec testing of images in Google containers.

Black Duck

Azure

Black Duck

Docker Registry

Black Duck

Google Container Registry

Workflow and notifications

Workflow and notifications integrations

Black Duck integrates with popular notification and workflow management tools to flag vulnerabilities and send issues to downstream teams for resolution.

BLACK DUCK, COVERITY, POLARIS, SEEKER, SOFTWARE RISK MANAGER

Jira Software

The Black Duck plugin for JIRA creates issues based on vulnerabilities and issue policy violations detected by Black Duck.

COVERITY, POLARIS, SEEKER, SOFTWARE RISK MANAGER

Secure Code Warrior

Black Duck and Secure Code Warrior provide an integrated solution to prevent security issues at the developer desktop to accelerate time to remediation.

black duck, seeker, software, risk manager

Slack

The Black Duck plugin for Slack allows you to create Slack notifications based on vulnerabilities and policy violations detected by Black Duck.

BLACK DUCK, POLARIS

Azure DevOps

Coverity

Bugzilla

BLACK DUCK, POLARIS

CycloneDX

POLARIS

GitHub Issues

black duck, software risk manager

Microsoft Teams

BLACK DUCK, POLARIS

SPDX

Security testing

Security testing integrations

Black Duck offers an open platform that can integrate with several third-party security testing tools, enabling organizations to consolidate SAST, SCA, DAST, Infrasec, CNAPP, IaC, and pen testing in one place.

Click here for a full list of our supported integrations.

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Checkmarx

Black Duck’s ASPM solution can ingest vulnerability findings from Checkmarx into Polaris for a complete and centralized view of application risk posture across your organization.

BLACK DUCK, POLARIS, SOFTWARE RISK MANAGER

Snyk

Black Duck’s ASPM solution can ingest vulnerability findings from Snyk into Polaris for a complete and centralized view of application risk posture across your organization.

BLACK DUCK, COVERITY, POLARIS, SOFTWARE RISK MANAGER

Veracode

Black Duck’s ASPM solution can ingest vulnerability findings from Veracode into Polaris for a complete and centralized view of application risk posture across your organization.

software risk manager

Acunetix

software risk manager

Anchore Enterprise

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Android Studio Lint

coverity

AppSecAI Expert Triage Automation

software risk manager

AppSpider

software risk manager

Aqua

software risk manager

Arachni

BLACK DUCK, POLARIS

Black Duck Binary Analysis

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Brakeman

software risk manager

Burp Suite

software risk manager

Checkstyle

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Clang

COVERITY, POLARIS

Clippy

software risk manager

Code Cracker

COVERITY, POLARIS, SOFTWARE RISK MANAGER

CodePeer

software risk manager

CodeSonar

Coverity

CoGuard - Infrastructure Security and Automation

software risk manager

Contrast Assess

POLARIS

Coverity

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Cppcheck

BLACK DUCK, COVERITY

Cycode

COVERITY, POLARIS

DefenseCode ThunderScan

SOFTWARE RISK MANAGER

Dependency-Check

BLACK DUCK, POLARIS

Dependency-Check (SCA)

software risk manager

Dependency-Track

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Errcheck

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Error Prone

COVERITY, POLARIS, SOFTWARE RISK MANAGER

ESLint

software risk manager

Find Security Bugs

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Fortify

COVERITY, POLARIS

FxCop

COVERITY, SOFTWARE RISK MANAGER

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Gendarme

COVERITY, POLARIS

GitLab Security

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Go Vet

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Gocyclo

COVERITY, POLARIS

GoLint

COVERITY, POLARIS, SOFTWARE RISK MANAGER

GoSec

BLACK DUCK, COVERITY, POLARIS, SOFTWARE RISK MANAGER

HCL AppScan on Cloud

COVERITY, POLARIS

HCL AppScan Source

COVERITY, POLARIS

Helix QAC

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Ineffassign

software risk manager

IriusRisk Threat Modeling

BLACK DUCK, POLARIS, SOFTWARE RISK MANAGER

JFrog Xray

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Jlint

COVERITY, SOFTWARE RISK MANAGER

JSHint

software risk manager

Microsoft

COVERITY, POLARIS

Microsoft Code Analysis

software risk manager

Mobile Secure

COVERITY, POLARIS

MobSF

COVERITY, POLARIS

MobSF Scan

COVERITY, POLARIS

NDepend

software risk manager

Nessus

software risk manager

Netsparker

software risk manager

Nexus Lifecycle

software risk manager

Nmap

software risk manager

NowSecure

COVERITY, POLARIS, SOFTWARE RISK MANAGER

OCLint

software risk manager

OWASP ZAP

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Parasoft JTest / C++Test / dotTest

COVERITY, POLARIS

PHPMD

COVERITY, POLARIS, SOFTWARE RISK MANAGER

PHP_CodeSniffer

software risk manager

PHP Mess Detector

software risk manager

phpcs-security-audit

COVERITY, POLARIS

PMD

software risk manager

Prisma Cloud

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Pylint

software risk manager

Q-mast

software risk manager

Qualys

COVERITY, POLARIS

Rapid Scan SAST

COVERITY, POALRIS, SOFTWARE RISK MANAGER

Retire.js

COVERITY, POALRIS, SOFTWARE RISK MANAGER

SafeSQL

COVERITY, POLARIS

SARIF

COVERITY, POLARIS

SATE

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Scalastyle

COVERITY, POLARIS

SCARF

COVERITY, POLARIS

SciTools Understand

software risk manager

SD Elements

software risk manager

Security Code Scan

COVERITY, POLARIS

Semgrep

BLACK DUCK, COVERITY, POLARIS

Software Risk Manager

COVERITY, POLARIS

SonarQube Generic Issue Import Format

COVERITY, POLARIS, SOFTWARE RISK MANAGER

SpotBugs / FindBugs

software risk manager

sqlmap

COVERITY, POLARIS, SOFTWARE RISK MANAGER

Staticcheck

software risk manager

Tenable

COVERITY, POLARIS

TFLint

COVERITY, SOFTWARE RISK MANAGER

Thunderscan

COVERITY, POLARIS

TruffleHog

software risk manager

Trustwave App Scanner

software risk manager

Vex

Black Duck

Vigilant Ops

COVERITY, SOFTWARE RISK MANAGER

Visual Studio Code Analysis

Software Risk Manager

WhiteSource

COVERITY, POLARIS

WPScan

COVERITY, POLARIS

ZPA

Production deployment

Production deployment integrations

Black Duck solutions integrate with leading production deployment tools to enable application releases that keep pace with development velocity, scale with organizations’ software footprint, and thoroughly test for quality.

Seeker

Amazon Web Services

Deploy compliant code releases tested by Black Duck to the cloud with Amazon Web Services.

black duck

Google Cloud

Deploy compliant code releases tested by Black Duck to the cloud with Google Cloud.

black duck

Kubernetes

Deploy compliant containerized apps tested by Black Duck with Kubernetes.

seeker

Cloud Foundry

black duck

IBM Cloud Pak for Applications

black duck

Microsoft Azure

black duck, seeker

Red Hat OpenShift

seeker

Development and DevOps Integrations

Find and address risks without creating friction.

Black Duck DevOps integrations and security plug-ins are designed to establish reliable, automated mechanisms to detect and remedy security and compliance risks within complex tech stacks in ways that uphold developers’ need for speed and security’s need for coverage.

Automate risk detection

Accelerate triage and remediation

Boost developer productivity

Integrated development environment (IDE) integrations

Eclipse

IntelliJ IDEA

Visual Studio

Android Studio

Cursor

IBM

PhpStorm

PyCharm

RubyMine

QNX Momentics Tool Suite

Visual Studio Code

WebStorm

Windsurf

Wind River

Source Code Management (SCM) integrations

GitHub

GitLab

Bitbucket

Azure DevOps

Build and CI integrations

GitHub Actions

GitLab CI

Jenkins

AWS CodeBuild

Azure DevOps

Bamboo

Bitbucket Pipelines

CircleCI

CloudBees

CodeShip

Concourse

Gradle

sbt

TeamCity

Travis CI

Wind River Studio

Package manager integrations

Maven

Gogradle

npm

Apache Ivy

Bazel

BitBake

Bower

Cargo

CocoaPods

Composer

Conan

Conda

CPAN

CRAN

Dart

Erlang

Git

Go Dep

Go Module CLI

Go Modules

Go Vendor

Go Vndr

Gradle

Hex

Lerna

NuGet

Packagist

Packrat

PEAR

Pip

Pnpm

Poetry

Rebar

Rebar3

RubyGems

sbt