Skip to main content

Automate Open Source Selection and Governance

Get started with Black Duck Hub, the de-facto choice for open source management.

Request a Demo

Black Duck® Code Center™

Code Center, Black Duck’s original platform for open source governance, has enabled companies worldwide to leverage the power of open source in their software development processes. When open source code is not managed properly, it can introduce significant legal, operational and security risks.

Black Duck Code Center has helped companies enforce open source policies and procedures while avoiding the impact that rules and regulations can have on developer productivity. While Code Center long stood as the industry’s best solution for open source governance, Black Duck Hub is more robust and is now the de-facto choice for open source management.


Are you in control of your open source?

Black Duck automates open source governance and compliance to speed development, reduce costs, and ensure code security & quality.





Hub vs. Code Center

Black Duck Hub is the leading platform for automated license management and open source security. Black Duck Hub helps security and development teams identify and mitigate open source-related risks across their application portfolio, while incorporating the functionality of Code Center’s policy management/open source governance.

  • With the Black Duck we found the right solution to execute our open source governance policy by providing a scalable and transparent approval process.

    - Janaka Bohr, Head of Global Licensing, SAP

Features of Black Duck Hub

  • Policy Management: Set policies for open source projects, license types, and vulnerability tolerance. Quickly identify policy violations and manage exceptions by project and component.
  • DevOps Integrations: The Hub Detect open source discovery client makes it easy to integrate Black Duck Hub into your existing development tools and processes.
  • Customizable Bill of Materials: Maintain code visibility with an editable open source BOM, combining results from automated scanning, build-tool and package-manager manifests, and manual entries.
  • Automatic Vulnerability Mapping/Alerts: Identify known vulnerabilities associated with the open source in your applications and get alerts when new vulnerabilities are reported which affect you.
  • Enhanced Vuln Data: Black Duck Hub provides detailed insight into your application security risk posture with risk-ranked severity metrics and with enhanced vulnerability data from the Black Duck KnowledgeBase
  • Remediation Tracking: Track planned and actual vulnerability remediation progress within individual projects. Leverage Black Duck’s bi-directional Jira integration, or easily import remediation reports into 3rd party tools via a CSV export feature.
  • Risk Dashboards and Reports: Analyze risks within and across projects with easy-to-understand security, license, community activity risk, and remediation progress dashboards and reports.