Scanning your code

Black Duck component scanning is scanning functionality that provides an automated way to determine the set of open source software (OSS) components that make up a software project. Component scanning helps organizations manage their use of open source binaries by identifying and cataloging OSS components in order to provide additional metadata such as license, vulnerability, and OSS project health for those components.

Black Duck provides these scanning tools:

• Black Duck Detect. Black Duck Detect is the recommended scanning tool for Black Duck.

• Black Duck's Rapid Scanning provides a way for developers to quickly determine if the versions of open source components included in a project violate corporate policies surrounding the use of open source. Using Black Duck Detect, Rapid Scanning quickly returns results as it only employs package manager scanning and does not interact with the Black Duck server database. Refer to the Black Duck online help or User Guide for more information about Rapid Scanning.

• Black Duck Detect (Desktop), as described below.

• Command line (CLI) version of Signature Scanner. Refer to the Black Duck online help or User Guide for more information.