Black Duck collaborates with Google Cloud Platform for development, deployment of cloud applications and containers



Black Duck announced Thursday it is a Google Cloud Technology Partner. Through the collaboration, Google customers can use Black Duck solutions to accelerate production use of the cloud and containers as well as increase security and productivity with automated intelligence, visibility and control as they move workloads to the Google Cloud Platform (GCP). Black Duck solutions with Google Cloud Platform provide automated visibility, intelligence, and control for cloud applications and container images as part of secure DevOps.

Black Duck is releasing its Black Duck Hub solution as a cloud service on Google Cloud Launcher Marketplace, enabling organizations to deploy Hub on GCP. Hub allows Google Cloud customers to scan applications and container images, identify all the open source components, detect and analyze known security vulnerabilities, compliance issues, and code-quality risks, and enable policy management to control risks and their remediation. Additionally, Hub dynamically monitors the scanned code and provides alerts on newly discovered open source vulnerabilities or policy violations.

Google customers can also use Hub to access the Black Duck KnowledgeBase, a comprehensive data store of open source components and risk intelligence.

“For very clear economic and productivity reasons organizations are highly motivated to migrate their applications to the cloud,” said Black Duck CEO Lou Shipley. “Because open source comprises most of the code in their applications and containers, they need to be sure the open source is secure and compliant. Black Duck Hub and Google Cloud provide that assurance.”

“In order to deliver high quality software, we’re constantly scanning our products for vulnerabilities and security threats,” said Aram Price, Senior Software Engineer, Pivotal. “We collaborated with Black Duck to automate security scanning during development, and with the most recent release of Black Duck Hub we can also automate deployment to Google Cloud.”

Headquartered in Burlington, Massachusetts, Black Duck is used by organizations to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk.

With Black Duck Hub on GCP, users can automate security and compliance as a part of their development lifecycle and continuous integration and delivery (CI/CD) pipeline, allowing DevOps and Security teams to enhance speed and agility while controlling risks. Black Duck Hub integration with Google Container Engine (GKE) allows users to scan and monitor container images in the Google Container Registry (GCR). Black Duck Hub can be used with third-party CI/CD tools on GCP, including Jenkins on Google Container Engine in a multi-node Kubernetes cluster, or with Bamboo, Team City, Maven, and Gradle; and Black Duck’s IDE integrations allow software developers to select safe and secure open source using plug-ins to Eclipse and Visual Studio.

Organizations are increasingly deploying applications in the cloud and moving into containerized delivery models, powered by open source architectures. These new models enable software innovation with speed and agility.

At the same time, DevOps and Security teams are looking for increased visibility and control over what is inside of their organizations’ applications and container images. It is important for open source security to be integrated with new cloud and container architectures and DevOps processes.

In May, Black Duck partnered with Atlassian Corp., a vendor of team collaboration and productivity software, to manage open source security, compliance, and quality risks, while ensuring DevOps teams maintain speed and agility. The organizations’ goal is to provide development teams with solution integrations that enhance their ability to maintain velocity and security as they build software using open source components.

Black Duck has released two Atlassian integrations to automate the management and security of open source and both are available through the Atlassian Marketplace.

Black Duck’s Atlassian JIRA Software integration allows teams to trigger and manage developer workflows based on open source use and security policies defined in Black Duck Hub. The integration also alerts JIRA Software users when new open source vulnerabilities are identified by Hub. Black Duck’s Atlassian Bamboo CI integration enables teams to automate discovery of open source in their code via Bamboo build processes, helping teams efficiently track and automate open source use as part of their continuous delivery pipeline. This will also help enforce policies to prevent release of applications with unsafe or non-compliant open source.

Google Cloud customers can install Black Duck Hub through the Google Cloud Launcher Marketplace, allowing them to run scans directly in the Google Cloud environment. Hub is available with a 14-day free trial for Google customers.

Leave a Reply

WWPI – Covering the best in IT since 1980