OSS/SBOM management tool 'Black Duck SCA'

Would you like to prepare for compliance with the Cyber Resilience Act using 'Black Duck SCA', which supports OSS risk management and SBOM creation?

Black Duck SCA is an OSS management and static analysis tool that supports organizations in managing the use of OSS and associated risks through high-performance composition analysis. In preparation for the full implementation of the European Cyber Resilience Act (CRA) starting December 11, 2027, Black Duck SCA can comprehensively support the management of OSS, vulnerability countermeasures, license violation checks, and encryption risks for customer organizations and services with efficient and continuous analysis capabilities. Fujisoft partners with "Black Duck" and "Macnica," specialists in tool knowledge and vulnerability-related issues, to provide reliable support for customers implementing Black Duck SCA. 【Would you like to consult with us first?】 What should you do to comply with the Cyber Resilience Act? I want to start managing OSS/SBOM but don't know how... If you have such concerns, please feel free to consult Fujisoft! ★For those who have already started considering Black Duck SCA and want to know what benefits it offers★ Download the PDF materials or feel free to contact us!

OSS/SBOM Management Tool Black Duck SCA

basic information

**Features of Black Duck SCA** - Abundant scan and analysis targets - In addition to scanning components such as folders, libraries, and binaries, there is a wide range of scan and analysis targets, including OSS source files contained within the source code. - Response to license violation risks - It can detect a wide range of licenses, from well-known open source licenses to those with fewer users. - Response to security vulnerability risks - It maintains a database of vulnerabilities that surpasses the NVD (National Vulnerability Database) and can provide not only risk detection but also specific countermeasures. - Operational risk management - It allows for decisions regarding the migration of outdated or inactive OSS. - Reference for cryptographic technology - It reduces the burden of compliance with regulations related to export-related operations. - Support throughout the software development lifecycle - It addresses the SDLC (a systematic process to ensure the efficiency and quality of software development projects). - Integration with external tools such as DevOps platforms and CI/CD tools - It facilitates integration with DevOps platforms and CI/CD tools.