Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
N/A
ProGet
Score 9.1 out of 10
N/A
inedo offers ProGet, a software repository and package management solution.
N/A
Pricing
Black Duck Software Composition Analysis (SCA)
ProGet
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)
ProGet
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
As of current, the only artifactory management tool that I would recommend is ProGet. The free version is plentiful in features, supporting all feed types that the paid plans do. The paid plans also add even more capabilities on top of the free plan, such as data retention policies, which helps to minimize storage waste on my server and keep everything clean.
The Docker registry feature works great. Compared to Sonatype Nexus 3, I don't need to set up extra ports, as everything just works off the port ProGet itself is running on.
Debian feeds support automatic GPG key generation, without me having to create or manage them myself. This is another spot where ProGet is better than Nexus, as you have to manually create and specify a key with Nexus, while ProGet simply handles it all for you.
I have a very strong reason for the very best rating. Usually, Black Duck support is quick enough and they continuously keep me updated about the status if some issue is taking time for them to resolve. Overall, I am happy with the response I get from t customer care. I was planning an upgrade and I ran into an issue as the migrated Postgres database does not get identified by the new version of the hub. And all the projects, scans and the huge amount of work we put in comments under version are all lost. I immediately opened a case in the Black Duck customer portal. And in no time, I get a message back from the support for a quick WebEx session. And support was able to help me and my weekend was saved. Thank you for the quick support Black Duck. Appreciate it. I also have some questions on using Black Duck in an optimal way. I get helpful replies quick enough.
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Both Sonatype Nexus 3 and ProGet support all the feed types I use, but ProGet simply does them better. The Docker feeds run on the same port as ProGet itself, while Nexus requires additional ports to be set up, which can be a burden when running in Docker. Debian feeds also support GPG key creation without having to manually specify one, again, reducing the burden for me to manually do things, allowing me to set up and distribute my programs even quicker.
