Black
Duck, the global leader in automated solutions for securing and
managing open source software, today announced it is a Google Cloud
Technology Partner. Through the collaboration, Google customers can use
Black Duck solutions to accelerate production use of the cloud and
containers as well as increase security and productivity with automated
intelligence, visibility and control as they move workloads to the
Google Cloud Platform (GCP).
Organizations
are increasingly deploying applications in the cloud and moving into
containerized delivery models, powered by open source architectures.
These new models enable software innovation with speed and agility. At
the same time, DevOps and Security teams are looking for increased
visibility and control over what is inside of their organizations'
applications and container images. It is important for open source
security to be integrated with new cloud and container architectures and
DevOps processes.
Black Duck is releasing its flagship Black Duck Hub solution as a cloud service on Google Cloud Launcher Marketplace,
enabling organizations to deploy Hub on GCP. Hub allows Google Cloud
customers to scan applications and container images, identify all the
open source components, detect and analyze known security
vulnerabilities, compliance issues, and code-quality risks, and enable
policy management to control risks and their remediation. Additionally,
Hub dynamically monitors the scanned code and provides alerts on newly
discovered open source vulnerabilities or policy violations. Google
customers can also use Hub to access the Black Duck KnowledgeBaseTM, the
world's most comprehensive data store of open source components and risk
intelligence.
With
Black Duck Hub on GCP, users can automate security and compliance as a
part of their development lifecycle and continuous integration and
delivery (CI/CD) pipeline, allowing DevOps and Security teams to enhance
speed and agility while controlling risks.
- Black
Duck Hub integration with Google Container Engine (GKE) allows users to
scan and monitor container images in the Google Container Registry
(GCR).
- Black
Duck Hub can be used with third-party CI/CD tools on GCP, including
Jenkins on Google Container Engine in a multi-node Kubernetes cluster,
or with Bamboo, Team City, Maven, and Gradle.
- Black
Duck's IDE integrations allow software developers to select safe and
secure open source using plug-ins to Eclipse and Visual Studio.
"For
very clear economic and productivity reasons organizations are highly
motivated to migrate their applications to the cloud. Because open
source comprises most of the code in their applications and containers,
they need to be sure the open source is secure and compliant. Black Duck
Hub and Google Cloud provide that assurance," said Black Duck CEO Lou
Shipley.
"In
order to deliver high quality software, we're constantly scanning our
products for vulnerabilities and security threats," said Aram Price,
Senior Software Engineer, Pivotal. "We collaborated with Black Duck to
automate security scanning during development, and with the most recent
release of Black Duck Hub we can also automate deployment to Google
Cloud."
Availability
Google
Cloud customers can install Black Duck Hub through the Google Cloud
Launcher Marketplace, allowing them to run scans directly in the Google
Cloud environment. Hub is available with a 14-day free trial for Google
customers.