Black Duck Software Composition Analysis (SCA) vs. Rencore Code (SPCAF)

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Black Duck Software Composition Analysis (SCA)
Score 10.0 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.N/A
Rencore Code (SPCAF)
Score 8.8 out of 10
Enterprise companies (1,001+ employees)
Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologies that range from end-user Microsoft Flow to developer-focused SharePoint Framework. Unfortunately, all of these custom applications are capable of circumventing the security measures organizations have in place exposing the organization and its data to security…N/A
Pricing
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Free Trial
NoYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalOptional
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Considered Both Products
Black Duck Software Composition Analysis (SCA)
Chose Black Duck Software Composition Analysis (SCA)
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has.

Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of …
Chose Black Duck Software Composition Analysis (SCA)
Black Duck had similar capabilities to other vendors in the industry but where they come out on top is their extensive catalog of known open source in their knowledge base.
Rencore Code (SPCAF)
Chose Rencore Code (SPCAF)
There are no other products like this directly, although one could use combinations of settings with SonarQube, etc. to achieve similar results. There will still be a gap that will require manual effort.
Chose Rencore Code (SPCAF)
I'm not aware of products that do the same as the Rencore offering. I think they'd be hard to beat.
Chose Rencore Code (SPCAF)
I have found no other product that is able to do a similar analysis.
Chose Rencore Code (SPCAF)
For code analysis and code transformation there are no alternatives. Other cloud governance vendors mainly focus on security and permissions, whereas Rencore main focus is customizations.
Chose Rencore Code (SPCAF)
I don't know of any products that compete in the space and if there were any, they would not stand a chance against Rencore.
Behind any good product is a team of highly skilled individuals, who all have the same goal, who are passionate what they do and lastly, are in it for …
Best Alternatives
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Likelihood to Recommend
10.0
(0 ratings)
8.8
(0 ratings)
Usability
8.0
(0 ratings)
-
(0 ratings)
Support Rating
8.2
(0 ratings)
9.1
(0 ratings)
User Testimonials
Black Duck Software Composition Analysis (SCA)Rencore Code (SPCAF)
Likelihood to Recommend
If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Read full review
For Microsoft shops that are doing custom development on the Microsoft cloud platform in Office 365 and Azure, the Rencore toolset is an absolute must, especially if you are involved in converting farm solutions to cloud, or just moving into cloud development for the first time.
Read full review
Pros
  • Vulnerability scans
  • Tracking of the problem
  • Alerting
Read full review
  • Support - It is very quick relative to other vendors in this space and also very thorough.
  • Product Features - It appears to be the only product in the market that has ALL the pieces for a baseline SPFx project versus no tools or manual activities.
Read full review
Cons
  • Very slow.
  • Bad UX.
  • Outdated design.
  • Too expensive.
Read full review
  • Rencore's product line is of course still a bit of a niche: SharePoint code quality is not something every organization on the planet is concerned with - although Rencore does much more than that.
  • We feel Rencore's marketing efforts are mainly targeted at technologists. There's a lot of other potential, especially for their platform governance product.
Read full review
Usability
If you don’t know how to scan for the language, it isn’t entirely user friendly
Read full review
No answers on this topic
Support Rating
I have a very strong reason for the very best rating. Usually, Black Duck support is quick enough and they continuously keep me updated about the status if some issue is taking time for them to resolve. Overall, I am happy with the response I get from t customer care. I was planning an upgrade and I ran into an issue as the migrated Postgres database does not get identified by the new version of the hub. And all the projects, scans and the huge amount of work we put in comments under version are all lost. I immediately opened a case in the Black Duck customer portal. And in no time, I get a message back from the support for a quick WebEx session. And support was able to help me and my weekend was saved. Thank you for the quick support Black Duck. Appreciate it. I also have some questions on using Black Duck in an optimal way. I get helpful replies quick enough.
Read full review
Happy with the fast and meaningful responses.
Read full review
Alternatives Considered
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Read full review
I don't know of any products that compete in the space and if there were any, they would not stand a chance against Rencore. Behind any good product is a team of highly skilled individuals, who all have the same goal, who are passionate what they do and lastly, are in it for the betterment of where they started; As Developers themselves. You can't buy that
Read full review
Return on Investment
  • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
Read full review
  • Valuable insights into large existing SharePoint customizations that would otherwise would have taken weeks to analyze and assess on quality.
  • Without Rencore's tooling, it would be impossible to track changes to client-side code. For example, we can tell exactly who changed which JavaScript in which webpart in the environment.
  • Transformation tools helped developers migrate their existing code bases to the cloud, while already providing an automatically translated code base to start from.
Read full review
ScreenShots

Black Duck Software Composition Analysis (SCA) Screenshots

Screenshot of Black Duck helps you find and fix your highest-priority vulnerabilitiesScreenshot of Use Black Duck to comply with open source license obligations and to verify compliance with all open source license  termsScreenshot of Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilitiesScreenshot of Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your applicationScreenshot of The Black Duck security advisory gives the information you need to address security risks and make the fixScreenshot of Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase

Rencore Code (SPCAF) Screenshots

Screenshot of Using third party libraries allows you to build your SharePoint and Office 365 applications faster and focus on functionality specific for your organization. But regularly, security vulnerabilities are discovered in these external dependencies. If left unpatched, they become a security risk for your organization and its data. Rencore automatically warns you when any of the third-party libraries used in your applications has known vulnerabilities that could be exploited to hack your environment.Screenshot of Third-party libraries are regularly updated to improve performance and stability. Many organizations however don’t know when a new version of the library they use in their SharePoint and Office 365 applications is released and they keep using the old versions which exposes them not only to bugs but also to security risks. Rencore automatically warns you when a new version of a library that you use is available allowing you to verify the contents and the impact of the upgrade.Screenshot of Without proper tooling, it’s impossible to successfully enforce an application governance plan in SharePoint and Office 365. The number of ways in which users could possibly extend SharePoint combined with the thousands of pages and hundreds of settings that can be configured, make it impossible to continuously monitor for alignment with the organizational policies. 

Rencore helps you understand the configuration of your tenant as well as discover the different SharePoint and Office 365 applications used in your organization. With Rencore you will easily understand how these applications are built, which dependencies they have and which possible risks they expose your organization to.Screenshot of Your organization tailors SharePoint and Office 365 to its specific needs to get more value of its investment in the platform. But each organization has different needs and is subject to different laws and regulations. 

Rencore allows you to configure what policies you want to enforce in your tenant. Each violation gets reported so that you can take corrective action and successfully enforce your organization’s application governance plan.Screenshot of As you start discovering issues in your SharePoint and Office 365 environment, you will be taking corrective actions to mitigate the risks. Rencore helps you track these issues and the related tasks so that you can easily follow up on the status of each issue and control that your organization is improving over time.Screenshot of It’s not enough to have your SharePoint and Office 365 applications verified for compliancy with your organization’s policies before using them in production. As your applications evolve, they will require changes and each change exposes you to a number of risks. Rencore helps you track how your applications change over time, even if these applications don’t follow centralized deployment and are managed by power-users. Each change is assessed for potential risks that it could expose your organization to.