Black Duck Further Integrates Open Source Governance and Compliance into the Software Development Life Cycle
Burlington, MA, January 15, 2013 – Black Duck Software, the trusted partner for open source software adoption, management and governance, today announced the release of Black Duck Suite 6.2, adding new capabilities which help development and legal teams work more effectively together to expedite the adoption of open source software (OSS). Suite 6.2 adds new license obligation management capabilities, new development tool integration support through Software Development Kit (SDK) enhancements, and updated support for SPDX 1.1, allowing organizations to more effectively implement open source governance and compliance throughout the software development lifecycle (SDLC).
IDC reports that open source makes up 30 percent or more of the code at major G2000 organizations and is increasingly looked to as a development resource, and that the control and management of open source components is especially important. Properly vetting open source before development is underway avoids costly rework later in the SDLC and helps mitigate the risk of unknown/undocumented open source software usage. By enabling the rapid understanding of more than 2,200 licenses, the new obligation management features give developers better visibility into the license terms and obligations associated with a component, while helping track the fulfillment of those obligations.
The release also includes expanded SDK support, enabling integration and customization into existing ALM environments and adding transparency to the open source governance process. For example, the new Maven build tool connector facilitates the continuous monitoring of the open source content of a project at every build. Similarly, Black Duck customers can use the SDK to build additional integrations and ensure compliance in their own SDLC, as needed.
“The Black Duck Suite allowed Atlassian to automate our incremental scan and reporting process from within Atlassian Bamboo. The SDK is so complete that any action is possible to automate,” said Anton Mazkovooi, senior development manager, Atlassian.
Support for SPDX® has been upgraded to the latest SPDX version 1.1 specification, enabling standardized communication of open source use. SPDX reduces redundant work for supply chain partners by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. The SPDX specification is developed by a working group of the Linux Foundation, and Black Duck has been involved in all aspects of the project from the outset.
“The enhanced capabilities of Suite 6.2, which easily integrates governance and compliance into all stages of the software development lifecycle, make the Suite the most powerful open source governance platform for both developers and organizations as a whole,” said Black Duck President and CEO, Tim Yeaton. “This latest release helps developers build better software faster, delivering on our mission to help organizations harness the power of open source technologies and methods for faster innovation, greater creativity and improved efficiency in their software development efforts.”
Black Duck Suite 6.2 is available now. For more information please visit: http://www.blackducksoftware.com/black-duck-suite.