Black Duck Software, Inc. is an application security company headquartered near Boston, Massachusetts, founded in 2002 by Doug Levin. The company is credited with pioneering the Software Composition Analysis (SCA) market, having started with open-source licence and component tracking before expanding into a broader security offering. It serves over 4,000 organisations worldwide.
The company's platform integrates multiple application security disciplines across the software development lifecycle, including:
- Software Composition Analysis (SCA) - tracking open-source components and managing licence compliance
- Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
- AI-powered security testing and software supply chain security
- DevSecOps tooling to embed security into development workflows
Black Duck was acquired by Synopsys in 2014. In 2024, the business transitioned to independent ownership under private equity firms Clearlake Capital and Francisco Partners, and has since rebranded from "Black Duck Software" to "Black Duck." The company positions its platform as a response to increasing regulatory requirements around software security and the growing complexity introduced by AI-driven development practices.