Open source software: Black Duck integrates with the DevOps toolchain to provide automated security and control of open source, giving accelerated detection, protection, management and monitoring, which is why we need DevSecOps.
Build fast and Stay Secure
Detecting and preventing deployment of vulnerable applications, containers and infrastructure-as-code
Continuously monitoring and alerting for newly reported vulnerabilities that impact apps already deployed
Security, quality and license risk
To scan our packages in the CI/CD pipelines and be able to stop deployments if there are serious vulnerabilities that might affect us and/or our customers
Doc: https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html
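The two notes above (stopping a deployment on serious vulnerabilities, and alerting on newly reported vulnerabilities for apps already deployed) describe a policy gate over a Bill of Materials. The following is an added example written for these notes, not Black Duck's own code or its report format: the BOM, the vulnerability feed, the `EXAMPLE-VULN-*` identifiers and the policy are constructed sample data, and the version-range matching is a simplified assumption. It shows the gate a CI job would run and the diff a monitoring job would use to raise only new alerts against an existing BOM.

```python
"""Added example: SCA-style policy gate and re-scan diff over a constructed BOM.

Not Black Duck's code or output format. All data below is constructed sample data.
"""

# Constructed sample BOM: components an SCA scan would identify in a code base.
SAMPLE_BOM = [
    {"name": "libexample-json", "version": "1.2.0", "license": "MIT"},
    {"name": "fastcompress", "version": "0.9.1", "license": "GPL-3.0"},
    {"name": "netclient", "version": "2.4.7", "license": "Apache-2.0"},
]

# Constructed vulnerability feed at build time. "affects" is a [min, max) version range.
SAMPLE_VULN_FEED = {
    "fastcompress": [
        {"id": "EXAMPLE-VULN-001", "affects": ("0.0.0", "1.0.0"), "severity": "HIGH"},
    ],
    "netclient": [
        {"id": "EXAMPLE-VULN-002", "affects": ("2.5.0", "3.0.0"), "severity": "CRITICAL"},
    ],
}

# The same feed after a new advisory is published for an already-deployed version.
UPDATED_VULN_FEED = {
    "fastcompress": SAMPLE_VULN_FEED["fastcompress"],
    "netclient": SAMPLE_VULN_FEED["netclient"] + [
        {"id": "EXAMPLE-VULN-003", "affects": ("2.0.0", "2.5.0"), "severity": "CRITICAL"},
    ],
}

# Constructed policy: which severities block a deployment and which licenses are denied.
POLICY = {
    "fail_on_severities": {"CRITICAL", "HIGH"},
    "denied_licenses": {"GPL-3.0", "AGPL-3.0"},
}


def parse_version(v):
    """Turn a dotted numeric version string into a comparable tuple (assumption: numeric parts only)."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version, affects):
    """True if version falls inside the half-open [min, max) range."""
    lo, hi = affects
    return parse_version(lo) <= parse_version(version) < parse_version(hi)


def find_vulnerabilities(bom, feed):
    """Match every BOM component against the feed; return one finding per affected entry."""
    findings = []
    for comp in bom:
        for vuln in feed.get(comp["name"], []):
            if is_affected(comp["version"], vuln["affects"]):
                findings.append({
                    "component": comp["name"],
                    "version": comp["version"],
                    "id": vuln["id"],
                    "severity": vuln["severity"],
                })
    return findings


def find_license_risks(bom, denied_licenses):
    """Components whose declared license is on the denied list."""
    return [comp for comp in bom if comp["license"] in denied_licenses]


def evaluate_gate(bom, feed, policy):
    """Verdict for a CI/CD stage: passed is False if any blocking vulnerability or denied license exists."""
    vulns = find_vulnerabilities(bom, feed)
    blocking = [v for v in vulns if v["severity"] in policy["fail_on_severities"]]
    license_risks = find_license_risks(bom, policy["denied_licenses"])
    return {
        "passed": not blocking and not license_risks,
        "vulnerabilities": vulns,
        "blocking": blocking,
        "license_risks": license_risks,
    }


def new_alerts(previous_findings, current_findings):
    """Findings present in a re-scan that were not in the earlier scan (continuous monitoring)."""
    seen = {(f["component"], f["id"]) for f in previous_findings}
    return [f for f in current_findings if (f["component"], f["id"]) not in seen]


if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_BOM, SAMPLE_VULN_FEED, POLICY)
    print("gate passed:", result["passed"])
    for v in result["blocking"]:
        print(f"BLOCK {v['component']} {v['version']}: {v['id']} ({v['severity']})")
    for c in result["license_risks"]:
        print(f"LICENSE {c['name']}: {c['license']} is denied")
    # Later monitoring run against the already-deployed BOM with the refreshed feed.
    later = find_vulnerabilities(SAMPLE_BOM, UPDATED_VULN_FEED)
    for f in new_alerts(result["vulnerabilities"], later):
        print(f"NEW ALERT {f['component']} {f['version']}: {f['id']} ({f['severity']})")
```

In a pipeline, the job would exit non-zero when `evaluate_gate(...)["passed"]` is False, which is what stops the deployment; the monitoring job keeps the last scan's findings and reports only what `new_alerts` returns, so a freshly published advisory for a deployed version surfaces once instead of repeating the whole report.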
Black Duck, a Software Composition Analysis (SCA) tool, helps with managing the supply chain of software, understanding the third-party components in use and minimizing risks from known vulnerabilities and licensing. Black Duck is a comprehensive solution for supply chain management, based primarily on source analysis.
Using Black Duck, you can:
Scan your code and identify open source software that exists in your code base.
View the generated Bill of Materials (BOM) for your software projects.
View vulnerabilities that have been identified in open source components.
Assess your security, license, and operational risk.
Protex users can use Black Duck to view and manage security vulnerabilities in their existing BOMs.
Docs: https://community.synopsys.com/s/document-item?bundleId=bd-hub&topicId=Welcome.html&_LANG=enus
Community: https://community.synopsys.com/s/black-duck
Github link: https://github.com/blackducksoftware
Black Duck can integrate with Backstage: https://github.com/deepan10/backstage-plugin-blackduck
To know how Black Duck works, go to https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html and click on Product Tour.
Project: https://community.synopsys.com/s/article/Black-Duck-Creating-Projects