Hacker News

BlackDuck Alternatives

We use BlackDuck at work to scan our jar for open source components with weak licenses. Thing is, BlackDuck's scan tool takes too long (60+ min on a 400mb jar), and their support kinda sucks.

Anyone have recommendations on a better tool? I'm googling the competitors but would be interested to know what people's experiences were (as opposed to just reading the shiny marketing-speak).

3 points | luthien2 posted 2 months ago | 2 Comments

relaunched said 2 months ago:

I'm not sure about better, or what features you are looking for specifically. But, check out:

WhiteSource

CheckMarx OSA tools - though very new

Veracode has a nice OSA / CVE tool

And there are a whole slew of open source tools too.