The results: 40K defects fixed, more than 1,700 open source components identified

“As we anticipated, the Coverity SAST and Black Duck SCA scans caught dozens of forgotten or overlooked weaknesses in our software. Specifically, Coverity SAST uncovered weaknesses that could affect the stability of the software, and in some cases, cast a light on the root causes of long-time unexplained occasional outages. Our teams have fixed close to 40,000 defect instances detected by Coverity SAST since we began working with Black Duck in 2017.”

“Using Black Duck SCA almost immediately improved the level of control over our code by alerting our team to the security and license issues of some open source components,” Bobo said. “Although we knew we were using open source libraries, we were still surprised by the number of libraries that were ending up in our package. In fact, Black Duck SCA identified over 1,700 external components, and 70 different license types.”

“Coverity SAST and Black Duck SCA allowed us to insert security and license compliance into the continuous integration process. Now, security and license noncompliance [issues] are raised to developers at the same time as functional or technical nonconformities, as a main contribution to our shift-left effort.”

“The tools have also helped improve the housekeeping of the code,” Bobo said. “Rather than fixing defects in legacy code that is not being used any longer, developers pare down their code. And rather than including new open source that requires legal approval of yet another license agreement, developers try to make more efficient use of already existing dependencies in their third-party components. When such approval is needed, the legal team directly connects to Black Duck SCA.”

“We would recommend Black Duck as a provider of a comprehensive set of holistic, complementary AppSec solutions, backed by a pool of sharp consultants who understand globally the industries they work with, as well as an organization’s unique processes. For a B2B global organization like MEGA, it’s a must,” Bobo said.