Black Duck’s open source KnowledgeBase™ is the industry’s most comprehensive database of open source project, license, and security information, sourced and curated by the Cybersecurity Research Center (CyRC), covering more than 8.7 million open source components from over 57,700 forges and repositories.

Get unparalleled insight into open source components

3,000 unique open source licenses

The KnowledgeBase contains more than 3,000 unique open source licenses (GPL, LGPL, Apache, etc.), with full license text for the most popular open source licenses and dozens of encoded attributes and obligations for each license.

317,000 unique vulnerabilities

We track more than 317,000 unique vulnerabilities affecting more than 426,000 component versions, including thousands of Black Duck exclusive vulnerabilities not contained in the National Vulnerability Database (NVD) or other sources.

10+ million open source projects

We catalog more than 10 million unique open source projects, allowing highly accurate matches to the components that compose your software, including modified code and open source code snippets.

Deep license data

Deep license data identifies embedded licenses to help organizations trust the use of thousands of projects with no declared license. Deep license data exposes projects with no license data, which are high-risk, and provides full license text for the most popular open source licenses.

Black Duck software composition analysis technology

Multifactor open source scanning

See every open source component in your code across your applications and containers.
Learn more

Enhanced vulnerability data

Stay ahead of open source threats with real-time alerts up to three weeks before the NVD and actionable remediation guidance.
Learn more

End-to-end DevOps integrations

Easily connect Polaris directly to GitHub, GitLab, Bitbucket, or Azure repositories and set schedules for automated scanning of projects.
Learn more

With millions of open source projects available globally from thousands of websites and forges, it can be difficult (and sometimes impossible) to effectively track your open source use and manage the application security, software license compliance, and component quality risks that come with it. Black Duck SCA solves this problem, giving development, security, and legal teams maximum visibility and control of open source in their applications and containers. The open source KnowledgeBase is the foundation for Black Duck SCA, providing the industry’s most comprehensive database of open source component, vulnerability, and license information.

The intelligence foundation behind ContextAI

The KnowledgeBase, with data on millions of open source components, licenses, and vulnerabilities, informs ContextAI™ with the essential data needed to deliver secure software at scale and leverage AI with confidence.

Discover ContextAI
ContextAI

Related content

Video

See how Black Duck® SCA works

Watch the video
Datasheet

Black Duck software composition analysis

Secure open source with compliance and quality control
Learn more
CASE STUDY

Delivering Open Source Cybersecurity

Learn how Trend Micro improved their vulnerability management
Learn more
White Paper

Managing Transitive Dependencies in Open Source Software

Five risks of transitive dependencies & nine ways to avoid them
Learn more
eBook

Five Considerations for Securing Your Software Supply Chain

Learn how to spot and fix weak links in your software supply chain
Learn more
Report

Gartner® Magic Quadrant™

See why Black Duck is a Leader in application security testing
Learn more