Reputation: 313
I am trying to adopt Black Duck for my application. I already have Veracode for scanning my applications. Therefore I wanted to understand how Black Duck scanning is different from Veracode Scan. How, technically, is the scan different?
Upvotes: 0
Views: 1687
Reputation: 56
I assume you're talking about SAST testing with Veracode; that is a form of doing program analysis, where it analyzes the application looking for potential security risks present in it.
Black Duck performs component analysis, or "Software Composition Analysis (SCA)". It analyzes the application and inventories the known components included in it (e.g. Spring Framework). It looks for known security issues in those components, as well as other types of things such as which OSS licenses those components use, etc.
Both take the application as input but look at potential risk through different lenses. SAST is looking at risks in the code that the application runs (i.e. that you write), while SCA looks at the risk in the components that the app uses.
For more reading:
Upvotes: 3
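The two lenses described in the answer above, as an added example that is not part of the original post and is not code from Black Duck or Veracode: a toy SCA pass that only reads the dependency manifest and matches the inventory against a (constructed, hypothetical) advisory feed and license table, beside a toy SAST pass that only reads first-party source and flags a SQL query assembled by string formatting. The application source, the manifest, the package names `examplelib` and `samplejson`, and the advisory IDs `EXAMPLE-ADVISORY-1`/`-2` are all constructed for this example and describe no real library or vulnerability.

```python
import ast

# Constructed first-party application source. It deliberately builds one SQL
# query with %-formatting so the toy SAST pass has a finding; the second
# function shows the parameterised form that is not flagged.
APP_SOURCE = '''
import examplelib

def find_user(cursor, username):
    query = "SELECT * FROM users WHERE name = '%s'" % username
    cursor.execute(query)
    return cursor.fetchone()

def find_user_safe(cursor, username):
    cursor.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cursor.fetchone()
'''

# Constructed dependency manifest (requirements.txt style). The package names
# are fictional so that nothing here implies a real advisory.
MANIFEST = """\
examplelib==1.4.0
samplejson==2.0.1
"""

# Constructed, hypothetical advisory feed and license metadata, standing in
# for the knowledge base a real SCA tool ships with. Not real data.
ADVISORIES = [
    {"component": "examplelib", "fixed_in": "1.5.0", "id": "EXAMPLE-ADVISORY-1"},
    {"component": "samplejson", "fixed_in": "1.9.0", "id": "EXAMPLE-ADVISORY-2"},
]
COMPONENT_LICENSES = {"examplelib": "MIT", "samplejson": "Apache-2.0"}


def parse_manifest(text):
    """Build the component inventory {name: version} from 'name==version' lines."""
    inventory = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, version = line.split("==")
            inventory[name.strip().lower()] = version.strip()
    return inventory


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def sca_scan(manifest_text):
    """SCA lens: inventory the components, then match them against advisory
    and license data. It never reads the first-party source at all."""
    inventory = parse_manifest(manifest_text)
    findings = []
    for adv in ADVISORIES:
        version = inventory.get(adv["component"])
        if version and version_tuple(version) < version_tuple(adv["fixed_in"]):
            findings.append({"component": adv["component"], "version": version,
                             "advisory": adv["id"], "fixed_in": adv["fixed_in"]})
    licenses = {name: COMPONENT_LICENSES.get(name, "unknown") for name in inventory}
    return findings, licenses


class _QueryBuildVisitor(ast.NodeVisitor):
    """SAST lens: flag cursor.execute(...) whose query is assembled with
    %-formatting, str.format() or an f-string. A one-step local dataflow
    (resolving a variable assigned earlier in the same function) reports the
    finding at the sink rather than at the assignment."""

    def __init__(self):
        self.findings = []
        self.local_values = {}

    def visit_FunctionDef(self, node):
        self.local_values = {
            stmt.targets[0].id: stmt.value
            for stmt in node.body
            if isinstance(stmt, ast.Assign)
            and len(stmt.targets) == 1
            and isinstance(stmt.targets[0], ast.Name)
        }
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "execute" and node.args:
            query = node.args[0]
            if isinstance(query, ast.Name):
                query = self.local_values.get(query.id, query)
            if self._built_from_strings(query):
                self.findings.append({"rule": "sql-query-built-by-string-formatting",
                                      "line": node.lineno})
        self.generic_visit(node)

    @staticmethod
    def _built_from_strings(expr):
        if isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Mod):
            return True
        if isinstance(expr, ast.JoinedStr):
            return True
        return (isinstance(expr, ast.Call) and isinstance(expr.func, ast.Attribute)
                and expr.func.attr == "format")


def sast_scan(source_text):
    """Run the toy SAST rule over first-party source. It sees 'import examplelib'
    but has no notion of which version is installed, so the vulnerable
    component is invisible to it."""
    visitor = _QueryBuildVisitor()
    visitor.visit(ast.parse(source_text))
    return visitor.findings


if __name__ == "__main__":
    print("SAST findings (own code):", sast_scan(APP_SOURCE))
    component_findings, licenses = sca_scan(MANIFEST)
    print("SCA findings (components):", component_findings)
    print("SCA license inventory:", licenses)
```

Run as-is and the two passes report disjoint things: the SAST rule flags line 6 of the constructed source (the `%`-built query reaching `cursor.execute`), and the SCA pass flags `examplelib 1.4.0` against the hypothetical advisory fixed in 1.5.0 plus the license of every component, while neither pass could produce the other's finding from its own input. A real SCA tool builds its inventory from far more than a manifest (package-manager metadata, file and binary signatures), and a real SAST engine tracks data flow across the whole program rather than one local assignment; the split in what each one reads is the point, not the depth of either rule.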