Black Duck Software Composition Analysis (SCA)

This software checks out code for possible vulnerabilities and allow us to “shift left”. This allows the potential issue to be seen and addressed in the beginning stages before the cost to fix are too high.

• We have found issues that could have caused us thousands to resolve but it was caught
• When log4j issue was found, this was instrumental in finding all locations where it needed resolved

Fortify by OpenText

SonarQube Server

It's being used for dependency analysis to find out if there are any known CVEs existing by integrating them in the DevOps tooling. It's very useful to figure out vulnerabilities in the various open-source libraries. This ensures overall security, compliance, and risk management

• Application or Library Scans
• Container scans
• Dependency analysis

• Increased efficiency of the teams
• Rapid identification of security issues

• Increased time to market
• Dwells well with devops
• Significantly negates the speck of a chance of security risks in a software release
• Orchestrates the policies

Vega

VMware ESXi, VMware NSX, VMware Service Manager, VMware Business Continuity & Disaster Recovery, Cisco Unified Computing System Manager, Cisco UCS B-Series, Cisco UCS C-Series, EMC Clariion CX4 Series, Dell EMC Unity, EMC Documentum, Data Domain, JIRA Software, Jenkins, Atlassian Confluence, Bitbucket, Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service, AWS Elastic Beanstalk, AWS Lambda, Microsoft Azure, Microsoft Access, Azure SQL Database, Azure API Management

• It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.

• Too expensive and time-consuming to use/add in the CI/CD.